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Description 

BACKGROUND OF THE INVENTION 

5 1 . Field of the Invention 

Tlie present invention relates generally to the field of scrambling and transmission systems and more specifically, 
to an external security module for a television signal decoder of a broadcast, satellite, or cable television transmission 
system. Additionally, the present invention is more specifically directed to a method of transmitting subscriber informa- 

10 tion to subscription television signal distributors and methods for converting a television signal decoder to accept digital 
television signals. The present Invention has particular application for B-type Multiplexed Analog Component (B-MAC) 
satellite transmission, but may also be used for NTSC (National Television Standards Committee), PAL, SECAM, or 
proposed high definition television formats. In addition, the scrambling system of the present Invention can be used in 
applications in related fields such as electronic banking networks, telephone switching systems, cellular telephone 

IS networks, computer networks, etc. The system has particular application to so-called ' conditional-access " multichan- 
nel television systems, where the viewer may have access to several "basic" channels, one or more "premium' or 
extra-cost channels as well as "pay-per-view" or "impulse pay-per-view" programs. 

2. Description of the Relevant Art 

20 

In a pay television system, a pay television service provider typically protects the signal from unauthorized sub- 
scribers and pirates through scrambling. 

For the purposes of the following discussion and this invention, the term "subscriber" means one who Is paying 
for the television sen/ice. The "subscriber" could thus be an individual consumer with a decoder in his own home, or 
25 could be a system operator such as a local cable TV operator, or a small network operator such as a Hotel/Motel 
operator with a central decoder for all televisions In the Hotel or Motel. In addition, the "subscriber" could be an Industrial 
user, as described in U.S. Patent 4.866,770 assigned to the same assignee as the present application and Incorporated 
herein by reference. 

For the purposes of this invention, a network is defined as a program source, (such as a pay television provider), 
30 an encoder, (sometimes called a "headend '), a transmission means (satellite, cable, radio wave, etc.) and a series of 
decoders used by the subscribers as described above. A system is defined as a program source, an encoder, a trans- 
mission means, and a single receiving decoder. The system model is used to describe how an individual decoder In a 
network interacts with the encoder 

The scrambling process is accomplished via a key which may itself be encrypted. Each subscriber wishing to 
55 receive the signal Is provided with a decoder having an identification number which is unique to the decoder The 
decoder may be individually authorized with a key to descramble the scrambled signal, provided appropriate payments 
are made for service. Authorization is accomplished by distributing descrambling algorithms which work in combination 
with the key (and other information) to paying subscribers, and by denying that Information to non-subscribers and to 
all would-be pirates. 

40 The key may be transmitted as a data signal embedded In the normal television transmission associated with the 

Identification number of the decoder. In a typical television signal, there are so-called "vertical blanking Intervals" (VBI) 
occurring in each field and "horizontal blanking intervals' (HBI) occurring in each line between the chrominance and 
luminance signals. Various other signals can be sent "in-band° in the vertical and horizontal blanking intervals including 
additional audio channels, data, and teletext messages. The key can be embedded In these 'blanking Intervals" as is 

4S well known In the art. Attention is drawn to U.S. Patent No. 4,829,569 assigned to the same assignee as the present 
application and Incorporated herein by reference, showing how such data can be embedded In a B-MAC signal. Alter- 
natively, the key may be sent "out-of-band" over a separate data channel or even over a telephone line. 
Maintaining security In a conditional-access television network depends on the following requirements: 

so (j) The signal scrambling techniques must be sufficiently complex to insure that direct encryptographic attack is 

not practical. 

(li) keys distributed to an authorized decoder cannot be read out and transferred to other decoders. 

The first condition can be satisfied by practical scrambling algorithms now available such as the DES (Data En- 
ss cryption Standard) or related algorithms. 

The second condition requires the physical security of certain devices within the television signal decoder and Is 
much more difficult to satisfy. Such a device must prevent observation of both the key decryption process and the 
partially decrypted key signals. 
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Figure 1 shows a prior art conditional-access system for satellite transmission. In encoder 101, the source program 
information 102 which comprises video signals, audio signals, and data is scrambled in program scrambler 103 using 
a key from key memory 104. The scrambling techniques used may be any such techniques which are well known in 
the art. The key can be a signal or code number used In the scrambling process which is also required to 'unlock' or 

5 descramble the program In program descrambler 108 in decoder 106. In practice, one key can be used (single layer 
encryption) or more than one key (not shown). The key is usually changed with time (i.e. - monthly) to discourage 
piracy. The scrambled programs and the key are transmitted through satellite link 105, and received by conditional- 
access decoder 106. Decoder 106 recovers the key from the received signal, stores it in key memory 107 and applies 
It to program descrambler 108 which descrambles the scrambled program received over satellite link 105, and outputs 

10 unscrambled program 109. The system is not totally secure, as the key is transmitted in the clear through the channel 
and is available for recovery by pirates. 

To overcome this difficulty and referring to prior art Figure 2, a method of protecting the key during distribution is 
introduced into the system of Figure 1 . Prior to transmission, the key used to scramble source program 202 in program 
scrambler 203 is recovered from key memory 204 and itself encrypted in key encryptor 210 using a secret serial number 

'5 (SSN) from secret serial number database 211 which contains a list of the secret serial numbers of all legitimate sub- 
scribers. These secret serial numbers may relate to the unique identification numbers mentioned above for each de- 
coder of a network of such decoders. The source program has now been scrambled using the key. and the key itself 
has been encrypted using a secret serial number. Thus, the key is not subject to compromise or recovery during 
transmission In comparison with the system of Figure 1 . In order to descramble the program, the pirate must first obtain 

20 the secret serial number of a legitimate decoder, match it with the appropriately encrypted key. decrypt the key, and 
then descramble the program. The secret serial number is installed in decoder 206, for example, during manufacture 
in SSN memory 21 2 resident in decoder 206. The secret serial number is therefore unavailable to pirates provided that 
decoder 206 remains physically secure. 

Each secret serial number is unique to an individual decoder or. at least, unique to a group of decoders in order 

25 to be reasonably secure. The encrypted key may therefore be transmitted to each decoder individually by cycling 
through a database 211 . containing all the secret serial numbers of the network in encoder 201 and forming a separate 
key distribution message in an addressed data packet Individually addressed to each authorized decoder in the network. 
An individual decoder recognizes when its encrypted key has been received by reading the key distribution message 
attached to the encrypted key A typical address data packet is depicted in Figure 9 and described more fully below. 

30 In known B-MAC systems, the key is distributed in an addressed data packet individually addressed to a particular 

subscriber's decoder by means of its unique identification number. The addressed data packet is typically inserted in 
lines 4 through 8 of the vertical blanking interval. Each addressed data packet is typically addressed to one individual 
decoder. As there are sixty fields generated per second (30 frames of 2 interlaced fields each) in a B-MAC or NTSC 
television signal, at the rate of one addressed data packet per field, a possible sixty different decoders (or groups of 

35 decoders) can be addressed each second, or 3600 per minute, 215,000 per hour, and over 5 million per day Since 
each decoder need only be addressed when the service level or encryption level changes, there are sufficient frames 
available to individually address each decoder even in large systems. The address rate of the decoders may be in- 
creased by transmitting more than one addressed data packet per field. Additional data packets may be inserted in 
the vertical blanking interval or in the horizontal blanking intervals of each frame. The total number of possible address- 
ee able decoders is a function of the number on data bits available for decoder addresses. The B-MAC format typically 
uses 28 bits for decoder addresses, allowing for over 268 million possible decoder addresses. Attention is drawn to 
the United States Advanced Television Systems Committee Report T2/62, "MULTIPLEXED ANALOG COMPONENT 
TELEVISION BROADCAST SYSTEM PARAMETER SPECIFICATIONS. "incorporated herein by reference, which de- 
scribes the data format in a B-MAC signal. 

45 After receiving the addressed data packet, key decryptor 21 3 then decrypts the key using the secret serial number 

stored in SSN memory 212. If service to any decoder 206 in the network is to be terminated, the secret serial number 
for that decoder is simply deleted from SSN database 211, and decoder 206 is deauthorized at the beginning of the 
next key period. 

In a decoder such as the one shown in Figure 2, the pay television provider has to rely on the physical security of 
so the decoder box itself to prevent a pirate from reading or modifying the secret serial number and key memories in the 
decoder or observing the key decryption process. In order to provide the necessary physical security, decoder boxes 
can be equipped with tamper-proof seals, specialty headed screws and fasteners, or other tamper resistant packaging 
to make physical compromise of the decoder difficult. The subscriber is aware that tampering with the decoder could 
. alter the tamper-proof seals or damage the decoder and subsequent examination could lead to discovery. 
55 There are several disadvantages of relying on the physical security of the decoder to maintain system security 
First, the pay television provider has to maintain ownership and control over all of the decoders of the network and 
then rent or lease the decoders to subscribers. The pay television provider is thus responsible for maintenance of all 
decoders and must maintain an expensive parts inventory and maintenance staff. In addition, in order to initiate service, 
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a serviceperson must make a personal visit to the subscriber's location to install the decoder In a pay television satellite 
system, such installation and service calls could be quite costly for remote installations which could be located anywhere 
in the world. Further, the physical security of a decoder could be breached without fear of discovery if a pirate could 
obtain a decoder that had been stolen either during the distribution process or from an individual subscriber's home. 
5 Hence, the system of Figure 2 can be secure only under the following conditions: 

(i) It must be impossible to read or modify the SSN and key memories in the decoder 

(ii) It must be impossible to observe the key decryption process, or the links between the four elements (207, 208, 
212, and 213) of the decoder. 

10 

One way to achieve both of these goals is by the use of a so-called " secure microprocessor". 
Decryption l\/llcroprocessors 

15 Figure 3 shows a block diagram of a typical prior art microprocessor 320 with processor 321, program memory 

322, memory address bus 328, memory data 326 and memory data bus 327. In such a device, input data 323 is 
processed according to a program stored in program memory 322, producing output data 324. Program memory 322 
can be "read out" through memory data bus 327. That is, the memory can be stepped through by sequentially incre- 
menting memory address 325 through memory address bus 328 into program memory 322. Output memory data 326 

20 from memory data bus 327 will reveal the entire program contents of microprocessor 320, including any stored de- 
scrambling algorithm and secret serial number With such data, a pirate can easily decrypt a key transmitted through 
satellite link 205 of Figure 2. 

Figure 4 shows a block diagram of an ideal secure microprocessor 420 adapted for securing an algorithm and 
secret serial number according to one aspect of the present invention. The major difference between secure mlcro- 

25 processor 420 of Figure 4 and microprocessor 320 of Figure 3 is that both memory address bus 328 and memory data 
bus 327 are absent, so there Is no way to step through program memory 422 for the purpose of reading or writing. 
f\/iemory references are executed only by processor 421 according to its mask-programmed code which cannot be 
changed. All input data 423 is treated as data for processing, and all output data 424 is the result of processing input 
data 423. There is no mechanism for reading or modifying the contents of program memory 422 via the data inputs. 

30 Modem devices are a close approximation to this ideal secure microprocessor There is, however, one requirement 

which causes a variation from the Ideal. Following manufacture, there must be a mechanism available to write into 
memory 422 the decoder specific secret serial number 430, as well as decryption algorithm 434. If this facility were 
available to a pirate, he could modify the secret serial number for the purpose of cloning. Therefore, this facility must 
be permanently disabled after the secret serial number has been entered. 

35 A variety of techniques may be used to disable the facility for writing into the memory. Secure microprocessor 420 

could be provided with on-chip fusible data links 431 , a software lock, or similar means for enabling the secret serial 
number 430 and descrambling algorithm 434 to be loaded into memory 422 at manufacture. Then, for example, the 
fusible links shown in dashed lines are destroyed so that a pirate has no access to descrambling algorithm 434 or 
secret serial number 430 stored in program memory 422. 

40 In an alternative embodiment, the microprocessor of Figure 4 can be secured with an "E^ bit." The "E^ bit", a form 

of software lock, will cause the entire memory (typically EEPROIVl) to be erased if an attempt is made to read out the 
contents of the memory. The "E^ bit" provides two advantages; first, the memory is secured from would-be pirates, 
and second, the memory erasure will Indicate that tampering has occurred. 

A pirate would have to have access to extensive micro-chip facilities and a significant budget to compromise such 

45 a secure microprocessor The physical security of the processor would have to be breached, destroying the processor 
and contents. However, integrated circuit technology continuously improves, and unexpected developments could 
occur which might enable attacks to be made at the microscopic level which are more economic than those available 
today. Further, the worldwide market for pirate decoders for satellite transmissions would provide the economic incen- 
tive to the Increasingly sophisticated pirate electronics industry to compromise such a unit. 

50 Copying a single decoder comprising a microprocessor according to Figure 4 could lead to decoder clones based 

on the single secret serial number in that single decoder Discovery would result In the termination of that secret serial 
number, and thus termination of all of the clones. However, a pirate would also have the option of using the single 
compromised unit to recover the key. The pirate could then develop a decoder design which would accept the key as 
a direct Input. These pirate units could then be illegally distributed to subscribers, who would pay the pirate for a monthly 

55 update of the key. The consequence of a security breach could become extremely damaging to the pay television 
provider 
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Replaceable Security Module 

Pay television providers are therefore at risk if security depends exclusively on the physical defenses of the secure 
microprocessor. Figure 5 shows a device which attempts to overcome the disadvantages of the devices of Figures 1 

s and 2 by providing a security device in a replaceable security module 51 4. Replaceable security module 514 comprises 
key decryptor 513, secret serial number memory 512 and key memory 507. As in Figure 2, encoder 501 scrambles 
source program 502 comprising video signals, audio signals and data in program scrambler 503 using a key from key 
memory 504. The key is encrypted In key encryptor 510 using a secret serial number (SSN) from secret serial number 
database 511 which contains a list of the secret serial numbers of all legitimate subscribers. 

10 The same SSN is installed in secret serial number memory 512 in replaceable security module 514 which is re- 
movably attachable to decoder 506. Key decryptor 513 of replaceable security module 514 decrypts the key using the 
secret serial number stored in secret serial number memory 512. The decrypted key is then stored in key memory 507. 
Unlike Figure 2, the entire replaceable security module is removably attached to decoder 506. Program descrambler 
508 reads the decrypted key from key memory 507 in replaceable security module 514 and uses the key to desc ramble 

15 and output descrambled program 509. Removable security module 514 is designed to be replaced by the subscriber, 
preferably without any special tools and, thus, most conventionally may comprise a plug-in module. 

The use of a plug-in external module gives the pay television provider the ability to upgrade the technology in the 
security device by swapping it out at very low cost. In the event of a security breach, a new replaceable security module 
containing the program scrambling algorithm and SSN could be mailed out to authorized subscribers. The authorized 

20 subscribers could then remove the old replaceable security module from their decoder and insert the new replaceable 
security module themselves. System security is thus recovered without the expense of replacing the entire decoder or 
the expense of sending a service person to replace the replaceable security modules in each decoder. In addition, it 
is not necessary for the pay television provider to own the decoder itself. The decoder can be a generic commercially 
available unit purchased by the subscriber, or even integrated into the television itself. To initiate service, the pay 

25 television provider need only mail the replaceable security module to the subscriber and no service call is necessary. 

Although the replaceable security module has the advantages of providing a guarantee that network security is 
recoverable following a breach, it also has some disadvantages. All the security resides in replaceable security module 
514, and decoder 506 itself is a generic unit. The key signal which is generated by replaceable security module 514 
is observable at its transfer point to decoder 506. The key can, however, be changed sufficiently often to ensure that 

30 it has no value to a potential pirate. 

The problem with this approach is that a given removable security module 514 will operate with any decoder 506, 
and that tampering with replaceable security module 514 does not involve damage to decoder 506. Consequently, if 
replaceable security module 514 were to be compromised, piracy would become widespread very rapidly. 

35 Multiple Encryption Layers 

Although the devices as described above show a single key to scramble the program signal (so-called "single layer 
encryption") any of the prior art devices could also be practiced using a multiple key ("two layer", "three layer", etc.) 
scrambling system. A multiple key encryption system with particular applications to a cable television environment is 

40 described in U.S. Patent No. 4,890,31 9, to Seth-Smith, issued December 26, 1 989, incorporated herein by reference. 
Figure 6 shows an example of a prior art two layer encryption encoder 601 . Encoder 601 contains secret serial number 
database 611 which contains a list of secret serial numbers for all authorized subscribers, these serial numbers pref- 
erably being 56 bits in length. Key memory 604 stores the "Key of the Month" (KOM) which in this embodiment can be 
either an "even" key for even months (February, April, June, etc.) or an "odd" key for odd months (January, March, 

45 May, etc.). The key could also be different for each month of the year, or could be made even more unique, depending 
on the available data bits for such a key. In addition, the key could be changed more frequently or less frequently than 
the monthly basis shown here. These KOM's are preferably 56 bits in length. 

Key encryptor 610 encrypts the key selected from key memory 604 and outputs a series of encrypted keys Bqq^ 
[KOM] each encrypted with a secret serial number from secret serial number database 611, to data multiplexor 635. 

50 Seed memory 636 contains a "seed" which is used for scrambling the audio and video signals. The "seed" can also 
be a data code or a signal similar to the key described above. Preferably the seed changes every 1/4 second. Seed 
encryptor 637 encrypts the seed with the key of the month and outputs the encrypted seed EkomI^EED] to data mul- 
tiplexor 635. Thus the key has been encrypted with the secret serial number, and the seed encrypted with the key 
Neither the key nor the seed can be easily recovered during transmission. 

55 In this embodiment, source program 602 comprises a Multiplexed Analog Video (MAC) signal 639 with the typical 

chrominance and luminance signals described previously, along with multiplexed audio data 638 which may comprise 
several different audio and non-audio (data) signals. For example, there may be at least two channels of audio (stereo) 
and additional channels of teletext for the hearing impaired. In addition, there may be additional channels of audio 
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related to the video signal such as foreign language translations, unrelated audio signals such as radio programs or 
data signals such as subscriber messages, computer data, etc. All of these signals are digitized and multiplexed to- 
gether, as is well known in the art. and the resulting multiplexed analog components, data 638 is then ready to be 
scrambled. 

5 The seed passes through pseudo-random bit sequencer (PRBS) 643 and then is added to multiplexed audio data 

638 in adder 644. Together, pseudo-random bit sequencer (PRBS) 643 and adder 644 comprise a bit-by-bit encryptor 
645 as is well known in the art. The resulting scrambled multiplexed audio data is then passed to data multiplexor 635 
and is multiplexed with the encrypted seed and key. 

MAC video signal 639 is scrambled in line translation scrambler 603 which scrambles the lines of the MAC signal 

10 using the "seed" from seed memory 636 for the scrambling algorithm. The resulting scrambled MAC signal is then sent 
to multiplexor 632 which multiplexes the scrambled MAC signal with the output from data multiplexor 635. The multi- 
plexed data output of data multiplexer 635 is modulated into pulse amplitude modulation (RAM) format by P.A.M. mod- 
ulator 645. The output B-MAC signal 646 contains MAC video signal 639 and multiplexed PAM audio data 638, both 
scrambled with the seed, along with the seed encrypted with the key of the month, and a series of keys of the month 

75 which have been encrypted with the secret serial numbers of the subscriber's decoders, all multiplexed together 

In order to descramble the B-MAC signal 646, a pirate must be able to decrypt one of the encrypted keys, and use 
that key to decrypt the seed. However, as in the single layer encryption device described in Figure 2, the pirate only 
needs to compromise one of the decoders In order to obtain a secret serial number, and thus decrypt the key. With the 
key, a pirate can then decrypt the seed, and with the seed, descramble the program signal. Additional "layers" of 

20 encryption (i.e. - more seeds and keys) make pirating more cumbersome, as the pirate must decrypt more seeds and 
keys, however, once the first key has been decrypted, the subsequent keys and seeds can be decrypted as well. In 
the embodiment shown in Figure 6, keys need be decrypted every month for the pirate to be able to descramble the 
program signal all year. The secret serial numbers, seed, and key, as used in Figure 6, can be used effectively by the 
pay television provider to terminate a particular decoder by secret serial number and generally discourage piracy by 

25 amateurs. However, while this system has not yet been compromised, a determined pirate may compromise such a 
multi-layered encryption system with the aid of a compromised decoder, the heart of such piracy being the gaining of 
access to a secret serial number 

A particular problem involves the transmission of the encrypted seeds and/or encrypted KOM's with the encrypted 
program signal to individual subscribers who may have their own antenna, commonly a backyard reception dish. Re- 

30 f erring to Figure 11, prior systems used a central control 1181 to insert addressed data packets or other subscriber 
related information into the program signals to authorize those individual receivers who receive encrypted signals 
directly, not through a local distributor. Central control 1181 would transmit addressed data packets, via dedicated lines 
1185, to uplink broadcaster 1183 (e.g.. Home Box Office, Cinemax, etc. ) who would in turn multiplex the addressed 
data packets with their program signals, usually encrypted. The signals would be transmitted to satellite 1105 and then 

35 back to an individual receiver 11 89 typically through backyard reception antenna 1187. If a individual desired to receive 
certain programs, they would place a call through phone line 1188 to central control 1181 . Central control In turn would 
relay the individual's authorization request through dedicated lines 1185 to uplink broadcasters 1183. Uplink broad- 
casters then would multiplex the individual's new authorization code with their particular encrypted program signals. 
The signals would then relay through satellite transponder 11 05 to the individual's antenna 11 87 and into their decoder 

40 box where the new authorization request would permit them to decrypt the new program signals. Such a system is 
currently used by General Instrument's Video Cypher 11- TM system. Importantly, due to the transmission limitations 
of dedicated lines 1185, typically telephone lines, a broadcaster could not rapidly address all subscribers. 

An additional problem with the prior art involve the upgrading of current television decoders to accept digital tele- 
vision signals. Previously, local cable television distributors would have to replace all existing converting boxes in 

45 subscriber homes with new converter boxes which could accommodate digital television signals. This was costly be- 
cause new decoder boxes would have to be distributed and the old boxes collected and often times destroyed. Alter- 
natively, a local cable television distributor could distribute new decoder boxes which would only accept digital television 
signals. Thus, subscribers would have their original decoder box which would accept analog signals while the new box 
would accept digital signals. This too was costly as many circuits within the two boxes would be redundant, additional 

50 spliters would have to be added at a subscriber's home to provide for two coaxial inputs to the boxes, in addition to 
other annoyances previously mentioned. 

In view of the deficiencies of the above prior art devices, it still remains a requirement in the art to provide a 
scrambling system for pay television systems which does not reply solely on the physical security of the decoder 
components to maintain system integrity 

55 

SUMMARY OF THE INVENTION 

The invention is defined in the claims to which reference should now be made. 
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It is an object of the present invention to provide a decoder with a data interface for a removable security module. 

It is a further object of the present invention to provide a replaceable security module capable of performing all the 
functions performed by the internal security module. 

It is further object of the present invention to provide a system of double-encrypting the key using two different 
5 secret serial numbers respectively assigned to a subscriber's decoder and removable security module. 

It is a further object of the present invention to provide a replaceable security module for a television signal decoder 
where the replaceable security module will work with only one decoder and cannot be used with another decoder 

It is still a further object of the present invention to provide a decoder where external security modules may be 
replaced without any disruption in a subscriber's reception of authorization signals. 
10 It is yet a further object of the present invention to provide a method of transmitting the same authorization signals 

on multiple channels, to individual subscription television receivers. 

It is yet a further object of the present invention to provide a low cost method of easily converting a decoder box 
to accept both analog and digital television signals without redundant circuitry. 

Many of the above-stated problems and related problems of the prior art encryption devices have been solved by 
IS the principles of the present invention which is able to twice-encrypt the key prior to transmission, first with a first secret 
serial number (SSNq) of the subscriber's replaceable external security module, and again with a second secret serial 
number (SSN^) of the subscriber's decoder. The double-encryption technique discourages copying the replaceable 
external security module, as each replaceable security module will work only with its mating decoder. The system also 
allows the replaceable security module to be replaced following a system breach, thus allowing for recovery of system 
20 security. Furthermore, the present invention allows for uninterrupted transmission of decrypted signals upon replace- 
ment of the external security module by providing three steps of decryption. First, incoming signals are decrypted using 
the second secret serial numbers of the subscriber's decoder, before a new replaceable external security module is 
inserted into the decoder. Second, a valid key of the month (KOM) is delivered to the internal security module where 
it is decrypted using an alternate secret serial number (SSN). The packet is then forwarded to the new external security 
25 module where it is further decrypted and the valid KOM is stored. Finally, decryption of incoming signals are then routed 
to the external security module which becomes the active security element. 

The system comprises an encoder for encoding a signal, the encoder further comprising a signal scrambler and 
a first and second key encrypters. The signal scrambler scrambles the signal and outputs a scrambled signal and a 
key for descrambling the scrambled signal. The first key encryptor is coupled to the signal scrambler and performs a 
30 first encyrption on the key using a first secret serial number and outputs a once-encrypted key. The second key encryptor 
is coupled to the first key encryptor and performs a further encryption on the once-encrypted key using a second secret 
serial number and outputs a twice-encrypted key. 

The system further comprises a transmitter coupled to the signal scrambler and the second key encryptor for 
transmitting the scrambled signal and twice-encrypted key 
35 The system further comprises a routing manager/decoder coupled to the transmitter for receiving and descrambling 
the scrambled signal. The decoder comprises first and second key decryptors and a descrambler In the twice encrypted 
mode, the first key decryptor is coupled to the transmitter and performs a first key decryption on the twice-encrypted 
key using the second secret serial number and outputs a partially decrypted key The second key decryptor is coupled 
to the first key decryptor and perform a second key decryption on the partially decrypted key using the first secret serial 
40 number and outputs the decrypted key. The descrambler is coupled to the second key decryptor and the transmitter 
and descrambles the scrambled signal using the decrypted key and outputs the descrambled signal. The decoder may 
function without the use of a replaceable security module. In the event of a system breach or a service level change, 
a replaceable security module may then be inserted into the decoder to "upgrade" the decoder 

In another embodiment of the present invention, authorization signals are transmitted from a master uplink through 
45 a satellite transponder into a loop-back uplink. At the loop-back uplink, program audio and video signals are combined 
with the authorization signals and sent back to the satellite transponder then to an individual subscription television 
signal receiver 

In a further embodiment of the present invention, an easily connectable module or "side-car" is described which 
permits a standard decoder box to accept both analog and digital television signals. This digital side-car is capable of 
50 upgrading existing converter boxes without the duplication of non -video components. 

These and other objects and advantages of the invention, as well as the details of an illustrative embodiment, will 
be more fully understood from the following specification and drawings in which similar elements in different figures 
are assigned the same last two digits to their reference numeral (i.e., decoder 706 of Figure 7 and decoder 806 of 
Figure 8). 

55 

BRIEF DESCRIPTION OF THE DRAWINGS 

FIG. 1 shows an example of a prior art conditional-access system for satellite transmission with a key signal sent 
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in the clear to the decoder 

FIG. 2 shows an example of a prior art conditional-access system for satellite transmission using a single key 
encryption technique. 

FIG. 3 shows an example of a prior art microprocessor without a secure memory. 
s FIG. 4 shows a secure microprocessor with a secure memory and fusible data links adapted for storing an algorithm 

and secret serial number according to the present invention. 

FIG. 5 shows an example of a conditional -access system tor satellite transmission with a replaceable security 
module containing a first secret serial number. 

FIG. 6 shows another prior art conditional-access system for satellite transmission using an additional layer of 
10 encryption, 

FIG. 7 shows one exemplary embodiment of the conditional-access system of the present invention with an encoder 
encrypting the key with both a first and second secret serial number, a satellite transmission system, and a decoder 
containing a first secret serial number and a replaceable security module containing a second secret serial number 

FIG. 8 shows an expanded view of the decoder of FIG. 7 
15 FIG, 9 shows a frame format for an addressed data packet. 

FIG. 9 A shows a frame format for a system data packet. 

FIG. 10 shows communications between a secure microprocessor, either internal or external, and the routing 
manager 

FIG. 11 shows a prior art system of transmitting authorization signals and addressed data packets between a 
20 central control and an individual television subscriber 

FIG. 12 shows another embodiment of the present invention for transmitting the same authorization signals on 
multiple channels from a central control to an individual television subscriber 

FIG. 13 shows another embodiment of the present invention where the decoder depicted in FIGS. 7 and 8 may 
be easily upgraded to accept both analog and digital television signals. 

25 

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT 

Figure 7 shows the encryption system of the present invention comprising an encoder 701 for encoding a source 
program 702 for transmission over a satellite link 705 to at least one decoder 706. According to Figure 7, the key is 
30 encrypted and addressed to individual decoders, similar to the device in Figure 5. However, in this case, the key may 
be encrypted twice. 

Encoder 701 has an active security selection memory 721 containing the active security selection. The active 
security selection selects the fixed security element 719 or the replaceable security element 714 as the active security 
element. Only the active security element will received B-MAC signals and supply the seed to the program scrambler 
35 703. 

A key memory 704 contains the active security selection 721 and the seed used to scramble program 702 in program 
scrambler 703. Alternatively, as in FIG. 6, key memory 604 could contain keys of the month (KOMs) which are used 
to encrypt a seed. This seed is used to encrypt the source program 702. In this double encryption technique, the KOM 
is first encrypted in first key encryptor710 with a first secret serial number (SSNq) stored in SSNq database 711. The 

40 KOM is further encrypted in second key encryptor 71 5 with a second secret serial number (SSN-, ) from SSN^ database 
716. This process continues for each SSN so as to produce a series of encrypted keys which are then multiplexed with 
the scrambled program via multiplexer 732 and transmitted via satellite link 705. 

Decoder 706 receives and demultiplexes the encrypted program and encrypted keys via demultiplexer 733 and 
performs a first key decryption in internal security module 719 which is an integral part of the decoder 706. A second 

45 decryption takes place in a replaceable external security element 714 which is mounted on the exterior of the decoder 
706, for example, as a plug-in module. Alternatively, the encrypted key could be sent separate from the encrypted 
program over two separate channels as described in copending application serial number 473,442, incorporated herein 
by reference. 

Internal fixed security module 719 is the default security element when the replaceable external security module 
so 714 is not installed. Internal security module 719 will receive system data routed from routing manager 708. The au- 
thorization and control data will preferably comprise or include addressed data packets as depicted in FIG. 9 and 
system data packets depicted in 9A. Addressed data packets 9e include preferably a 28 bit user identification number 
or address 9a which is sent unencrypted. This user address corresponds to a user address contained in both internal 
and external security modules 719 and 714. The routing manager 708 senses the unique user address of only internal 
55 security module 71 9 and correspondingly routes the entire addressed data packet 9e to the specified security module. 
Following the user address are two unencrypted bits 9b and 9c. The first bit 9b determines whether the addressed 
data packet is to be ultimately routed to the internal security module 719 or to the external security module 714. The 
second bit 9c determines whether the information which follows, encrypted information 9d, is encrypted either once or 
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twice. If bit 9c indicates double encryption, then both the internal security module 719 and the externa! security module 
714 are required to decrypt it. The bits of encrypted data 9d would include authorization and control data, e.g., the key 
of the month, subscriber authorization data such as user tier information, pay-per-view infomnation, or other subscriber 
specific or decoder specific data. Generally, authorization data determines whether a particular subscriber or decoder 
5 is authorized to receive and decrypt a particular program or view pay-per-view programs, etc. Control data may include 
signals to determine where data packets are routed, energy management data, burglar alarm data, or other decoder 
component enabling signals. 

Table 1 shows how addressed data packets 9e are routed depending upon the value of bits 9b and 9c. 



TABLE 1 



Destination Bit 9b 


Encryption Bit 9c 


Routing of Address Data Paclcet (ADR) Result 


internal 


single 


ADP to internal security module only 


internal 


double 


ADP to external module first, then to internal 


external 


single 


ADP to external security module only 


external 


double 


ADP to internal module first, then to external 



The system data packet shown in Figure 9 A contains program specific information and is sent and processed by 
all decoders. The system data packet 9h includes an internal/external destination bit 9f similar to bit 9b in addressed 
data packet 9e. Bit 9f determines where the system data packet is routed by routing manager 708, specifically whether 
packet 9h is routed to the internal or the external security module. The information following, 9g, is encrypted data 
including the encryption seed, program tier information which determines in which tier the particular program is located, 
the cost of the program for pay-per-view purposes, checksum bits, and any additional information which is specific to 
the program or channel in which system data packet 9h is transmitted. Restating, system data packets 9h are specific 
to a particular program or channel, and are preferably inserted by program broadcasters (shown as 1183 in Figure 11 
and 1286 in Figure 12). Each program is preferably encrypted with its unique seed. 

As discussed earlier with reference to Figure 6, the internal and external security modules must first receive and 
decrypt their unique addressed data packets to recover the key of the month. Using this key of the month then, the 
internal and external security modules would use this key of the month to decrypt the seed from system data packets 
9h. Finally the seed is sent from the security module through routing manager to video descrambler 873 or audio/data 
decryptor 874 so as to decrypt a program video or audio. 

All data contained in addressed data packet 9e and system data packet 9h may be processed by the internal 
security module 719. Similarly the external security module 714 may replace the functionality of the internal security 
module 719 when it is installed. External security module 714 will be used as the active security element when directed 
by unencrypted data bit 9f of system data packet 9h. This allows external security module 714 to be deployed, inserted 
and authorized with addressed data packet infomnation (particularly, KOM's) before the system switches the active 
security element from the internal security module 719 to the external security module 714. This process will be de- 
scribed more fully below. As previously mentioned, addressed data packets 9e contain user addresses 9a which is 
unencrypted and unique to each internal security module 719. The external security module 714 also has a unique 
user address which is used to track location of external modules. Once the external security module 714 is inserted, 
it may customize itself to the user address of the internal security module 719 by having the user address of internal 
security module 719 route its address to external security module 714 which may store this address in secure memory 
720. 

The addressed data packets 9e are used to deliver decoder specific information to a single decoder, preferably 
using the loop-back method described below with respect to Figure 12. In a B-MAC television signal, the addressed 
data packets are preferably transmitted during the vertical blanking interval of each frame as discussed in the back- 
ground of the invention. Each subscriber would have a unique address data packet corresponding to their decoder 
706. Each decoder is assigned a single unique user address and a corresponding secret serial number (SSN). The 
user address and corresponding secret serial number are not identical, nor or they related. Preferably the secret serial 
numbers are generated using a random number generator. When an address data packet with a corresponding user 
address is received, the packet can be decrypted thus revealing the KOM and data. All decrypted data (e.g., KOM's, 
tier data, PPV, etc.) is held within a secure memory within the module (707 or 720). The packets preferably contain a 
checksum which is used to verify both correct reception and decryption of the data. All addressed data packets are 
received by the routing manager 708, and, depending upon the value of bit 9b, sent to the indicated security module 
for decryption. The decrypted and stored data is used by the conditional access software or program authorization 
software contained within the security modules to determine whether a particular program is to be decrypted depending 
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upon a subscriber's tier, pay-per-view account, etc. Security modules 71 4 and 71 9 also determine whether a particular 
piece of encrypted data is to be placed within its secure memory module. For example, the call back telephone number 
used by modem 875 need not be stored in the secure memory, and thus, is passed to the modem. 

Both replaceable security module 714 and an internal security element 719 of decoder 706 may be constructed 

s according to the principles of Figure 4. For example, the second secret serial number SSN^ may be loaded into SSN^ 
memory 71 7 of module 714 via fusible links, and then these links destroyed during manufacture. Similarly, SSNq mem- 
ory 712 of internal security element 719 may be loaded during manufacture over a fusible link and then the link de- 
stroyed. Also over a fusible link, algorithms may be loaded into key decryptors 718, 713 during manufacture and the 
fusible links subsequently destroyed 

10 The replaceable security module provides the pay television provider with the option of replacing system security 
by mailing out new replaceable security modules to all authorized subscribers. Returned replaceable security modules 
714 could be re-used for a different decoder if the links were not destroyed by reprogramming the SSNq and SSN^ 
databases 711 and 716 to correspond to the combination of the first secret serial number of decoder 706 with the 
second secret serial number of security module 714. Preferably, the returned replaceable security modules 714 are 

15 destroyed, and a new replaceable security module 71 4 sent to a subscriber, incorporating changes and improvements 
in the security technology to thwart potential pirates. In the event of a security breach, it is only necessary to replace 
the replaceable security module and not the complete decoder in order to restore system security Most advantageously 
the subscriber replaces the external security module without special assistance, and returns the old module to the 
service provider. 

20 Referring to Figure 8, an enlarged picture of encoder 706 is shown, particularly, program descrambler/routing 

manager 708 is more fully depicted. Incoming television signals, preferably B-MAC television signals, are input into 
demultiplexer 833. The demultiplexer separates video, digital audio, teletext, and authorization and control data. The 
authorization and control data, particularly addressed data packets 9e and system data packets 9h, are input into 
display and communication processor 870. Demultiplexer 833 also provides error correcting and data recovery for the 

25 incoming signal. Furthermore, the incoming signal is formatted into a form which is more easily usable by the display 
and communications processor 870. 

The authorization and control data, particularly addressed data packets 9e are input into the user interface logic 
871 and the security routing manager 872 of the display and communication processor 870. Specifically, the incoming 
data rate is usually too fast for processor 870 to handle, therefore demultiplexer 833 stores and formats the data, and 

30 inputs it as a parallel stream into user interface logic 871 and security routing manager 872. If the addressed data 
packet 9e contains the unique user address 9a of this particular decoder 806 and the decryption bit 9c is set to single 
encryption, user interface logic 871 commands security routing manager 872 to pass the addressed data packet into 
internal security module (inboard security element or ISE) 819, if destination bit 9b is so set. Alternatively, if destination 
bit 9b is set for the external security module 814, security routing manager 872 forwards the address data packet 

35 through coupler 879 to the external security module (outboard security element or OSE) 814. See Table 1. 

If encryption bit 9c is set for single encryption, then depending upon destination bit 9b, either the internal or external 
security module decrypts the encrypted address data packet information 9d. Once the KOM is decrypted, It is stored 
in secure memory 720 and 707. then used to decrypt the seed. This seed, preferably changing very f req uently compared 
with the KOM, for example, every 1/4 second, is then routed from either the internal or external security module through 

40 routing manager 872 to video descrambler 873 or audio/data decryptor 874. The seeds are used in video descrambler 
873 and audio/data decryptor 874 to decrypt the video and audio/data respectively Since the seed changes so fre- 
quently, every 1/4 second, it is not critical that the seed is sent unencrypted to video descrambler 873 and audio/data 
decryptor 874. 

If encryption bit 9c is set for doubling encryption and destination bit 9b is set to external, then an incoming addressed 
45 data packet 9e is partially decrypted first in the internal security module using a first secret/confidential serial number, 
and then finally decrypted in the external security module using a second secret/confidential serial number The KOM 
is once again stored in secure memory 720 and is used to decrypt the seed. 

Coupler 879 is also connected to audio/data decryptor 874 to allow for the audio/data decryptor to be upgraded 
by an external security module 814 which could contain additional decrypting algorithms directed to audio/data only 
50 This would provide for increasing security of encrypted audio if current encryption of the audio had been compromised. 

Telephone modem 875 may include a microprocessor to allow either the internal or external security modules 819 
and 814 to communicate to encoder 701 or other facilities via telephone lines. This feature will be discussed more fully 
below. 

Also shown in Figure 8 are front panel display 878 which includes input buttons for a subscriber and a display 
55 preferably on the front of decoder box 806. On-screen displays/teletext 877 provides for on-screen messages or teletext 
to be either overlayed or displayed on a subscriber's television screen. 
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Transferring Security Functions Between Modules 

The process of transferring the security functions fronn the internal security nnodule to the external security module 
will be described now. Initially, all security functions are performed by internal security module 71 9. If a security breach 

s occurs, it may be defended against by manufacturing and distributing external security modules with instructions for 
installation into decoder 706. At this point, the external security element does not have a valid key of the month in its 
secure memory 720 nor any appropriate tier and event numbers for the particular subscriber Therefore, the external 
security element 714 cannot yet perform any independent security functions. 

The KOM is delivered to the internal and external security modules using encrypted addressed data packets 9e. 

10 Because the external security element is installed to upgrade security, the addressed data packets for the internal 
security module and the extemal security module are encrypted differently using KOM's unique to each internal and 
each external security module. Therefore, the non-encrypted bit 9b determines the destination of the address data 
packet 9e, as shown in Table 1 above. 

During this transition stage, addressed data packets carrying the next KOM are transmitted with destination bit 9b 

15 set to the extemal security module, with encryption bit 9c set to double encryption. The routing manager 708 still 
delivers the address data packet 9e to the internal security module first, but now the internal security module decrypts 
the address data packet 9d using an alternate secret serial number contained within its secret serial number memory 
712. This alternate secret serial number is not the one which is normally used by the internal security module for 
decrypting addressed data packets 9d. The result of this decryption using the alternate secret serial number is passed 

20 back to the routing manager 872 and forwarded to the external security module 814 for final decryption using the secret 
serial number of the external security module. Thus, the key of the month is twice encrypted, first with the alternate 
secret serial number and second with the extemal security module's secret serial number This twice encryption pre- 
vents casual migration of external security modules between decoders 706 since both decoder-specific decryptions 
must be successful. Restating, the KOM is twice encrypted during the transition stage with a secret serial number 

25 stored in the secure memory of the internal security module, and a secret serial number stored in the secure memory 
of the external security module for each internal and extemal security module in existence. 

If the KOM was not twice encrypted with an alternate SSN, then a pirate could alter destination and encryption 
bits 9b and 9c to transmit a decrypted KOM between security modules, and thus intercept is during transmission. By 
using the alternate SSN, if tampering of destination and encryption bits occur, the intemal security module would believe 

30 the encrypted KOM were encrypted using the regular SSN, and thus could not decrypt the KOM. Only partially decrypted 
KOM's are passed between modules and only in the double encryption state. The present system prohibits the use of 
exchanging external security modules between decoders since both SSNs must correspond with a twice encrypted 
KOM. 

When the next KOM has been transmitted to and stored in all decoders 706, then the encoder 701 preferably 

35 changes the system data packet destination bit 9f to the extemal security module and encryption bit 9c to double 
encryption. The extemal security module 714 now becomes the active security element and assumes all security 
functions. Thus, the decrypting seeds are now decrypted with the KOM and released from the external security module 
714 through security routing manager 872 to the video descrambler 873 and audio/data decryptor 874. Since the 
external security module now also contains the subscriber's authorization data such as program and sen/ice tiers, and 

40 pay-per-view event authorization in its secure non-volatile memory, it may conditionally release seeds to decrypt spe- 
cific programs independent from the internal security module. Similarly, being an independent security module, the 
external security module may record impulse pay-per-view event purchases from the user interface logic 871 and 
upload this information to a phone manager via telephone modem 875 using encrypted communications as described 
below. Encryption bit 9c may be changed to single encryption if so desired. The reason for adding an extemal security 

45 module is to recover security after the internal security module had been comprised. Thus, in the preferred embodiment, 
double encryption is used and the external security module becomes the active security element upon compromise of 
the internal security module. 

Once external security modules have been deployed, new security functions (including new secret serial numbers, 
encrypting algorithms, software or physical security) may be incorporated into the intemal security module so that an 

so external security module is not required in new decoder boxes which are distributed after external security modules 
have been distributed. Still, an empty coupler 879 is provided for future external security modules. To provide for 
compatible transmission to future extemal security modules, the internal security module in these new decoder boxes 
must functionally emulate the previous-generation internal security module, as well as perform the same function as 
the internal-external security module combination, and it must respond to both address data packet destination bit 9b 

ss and encryption bit 9c. 

If a previously distributed external security module is compromised, a new external security module is deployed, 
with the subscriber removing the old and inserting the new. The new extemal security module will not have the key of 
the month, or the subscriber's authorization and control data such as tiers or event numbers. Therefore, to maintain 
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continuity of service, all security and authorization functions are temporarily returned to the internal security module. 
Prior to distribution/mailing of the new external security modules, addressed data packets are transmitted with the 
destination bit 9b set to the internal security module and encryption bit 9c set to single encryption. Thereafter, the 
previously described steps are performed with encryption bit 9c changing to double encryption to allow the new KOM 

5 to be twice decrypted and stored in the new external security module. Finally, security, authorization and control func- 
tions are switched to the external security module with encryption bits set for either or double. 

Summarizing, if a system breach occurs, the pay television provider then mails out replaceable external security 
modules to subscribers, switches decryption to the internal security module until all decoders have the new KOM, then 
uses decryption through the external security module only or uses the double encryption technique, and thus recovers 

10 system security. The optional usage of the replaceable external security module has other attractive benefits as well. 
Subscribers who do not pay for any premium channels may not be sent a replaceable security module, as the "basic" 
channels may only use a once-encrypted key or may even be sent in the clear. If the subscriber wishes to upgrade to 
a premium channel or channels, the pay television provider may then mail that subscriber the appropriate replaceable 
security module. 

T5 In addition, the replaceable security module may be used to add other additional features. Many cable television 

systems offer optional services such as IPPV (Impulse-Pay-Per-View) which require two-way communication between 
the decoder 706 and the headend. In the past, if a subscriber wished to upgrade to IPPV service, a subscriber's decoder 
would have to be altered by inserting a IPPV module internally or by adding an IPPV "side car" externally Alternatively, 
the entire decoder would have to be replaced. All three options would necessitate a service call, causing inconvenience 

20 to the subscriber, and expense to the pay television provider. Similarly when a pay television provider wishes to upgrade 
its entire encoder/decoder system , it must provide a new decoder to each subscriber which will work in the interim with 
both the old and new encoding techniques, as it is nearly impossible to replace all subscriber decoders simultaneously 
Thus a decoder manufacturer is faced with the added expense of providing his state-of-the-art decoder with extra 
circuitry in order to function with the pay television provider's old encoder for the few months during the change over 

25 period. 

In all of the above instances of upgrading existing service, the replaceable security module 714 may be used to 
upgrade the decoder 706 without the expense and inconvenience of a service call. The replaceable security module 
714 may be mailed to the subscriber and the subscriber can then insert the replaceable security module 714 and 
instantly upgrade the decoder or add additional features (such as IPPV), alter the decoding technique, or provide an 

30 additional level of security. Preferably, IPPV is incorporated within the decoder 706. Notably, the replaceable security 
module 714 may add additional software features to the decoder. 

The replaceable security module 714 may take one of several forms. In the preferred embodiment, the module 
may comprise a "smart card", a plastic "credit card" with a built-in microprocessor (such as a 68HC11 microprocessor), 
such as described by the International Standards Organization in standard ISO 7816/1 and IS07816/2. Attention is 

35 drawn to U.S. Patent No. 4,841,133 issued June 20, 1989 and incorporated herein by reference, describing such a 
"smart card. " The "smart card" may be equipped with a series of electrical contacts which connect to contacts in coupler 
879. Preferably 1 6 contacts are provided so as to allow for plenty of expansion room it additional features are included 
in the future, since only 6 to 8 of the contacts would be used by the present invention. The contacts may provide power 
to the card, along with clock signals and data transmission. Additional contacts may be provided to allow connection 

40 between coupler 879 to audio/data decryptor 874. These additional contacts would allow for additional decrypting 
algorithms to be applied in conjunction with or independent from those decrypting algorithms contained in decryptor 
874 or for some other purpose. 

Use of Telephone Controller/Modem 

45 

Pay-per-view programming is defined here as any programming where the subscriber can request authorization 
to watch a particular program. In many pay television systems, pay-per-view programming is used for sporting events 
(boxing, wrestling, etc.) which are not transmitted on a regular basis. A subscriber wishing to view the event must 
receive authorization in the form of a special descrambler mechanism, or in the form of a special code transmitted or 
50 input to the subscriber's decoder. Some pay-per-view television systems allow the subscriber to request a pay-per- 
view program (i.e. - movies) to watch. The pay television provider then transmits the requested program and authorizes 
that subscriber's decoder to receive the signal. 

Impulse pay-per-view (IPPV) programming is defined here as any programming where the subscriber has a pre- 
authorized number of "credits" saved in his individual decoder. If a subscriber wishes to view a particular program, the 
55 subscriber merely actuates the decoder, the appropriate number of credits are subtracted from the subscriber's re- 
maining credits, and the subscriber is immediately able to view the program. Pay television systems are disclosed, for 
example, in U.S. Patent No. 4,484,217 and 4,163,254 to Block, incorporated herein by reference. 

In a pay-per-view embodiment of the present invention, the decoder may send a signal to the headend via the 
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telephone controller/modem 875 with a request for authorization to decode a pay-per-view program. Preferably how- 
ever, secure nnemories 720 and 707 store authorization information (i.e. -credits) for pay-per-view programming, and 
the security modules fonward actual pay-per-view data via the telephone controller/modem 875 at a later time. 

The telephone controller 940 could be a computer modem type device, or could work using touch-tone signals to 

5 communicate with the headend. Preferably, the telephone controller is a modem type device, communicating with the 
headend using a frequency shift keying or FSK protocol. Attention is drawn to U.S. Patent No. 4,926,444, issued f^ay 
15, 1990, describing FSK operation and incorporated herein by reference. The pay television provider can thus send 
appropriate authorization information (TEL) to the subscriber, encrypted with a subscriber's secret telephone number 
(STN). The secret telephone number is not a telephone number in the ordinary sense, but rather another type of secret 

10 serial number, which could be assigned to a given telephone controller/modem 875 or series of telephone controllers. 
Once received by processor 870 of decoder 906, the authorization information may be routed and used to enable 
desc rambling of a particular pay-per-view program or programs. 

In another embodiment, which could be used in conjunction with the pay-per-view embodiment described above, 
the telephone controller/modem can be used to receive the KOI^ encrypted with the secret telephone number. The 

15 encrypted program signal is input to decoder 806 through modem 875 into processor 870. f^^odem 875 must be capable 
of providing the functions of demultiplexer 833 so as to separate the addressed data packets 9e, input them into 
processor 870 which will then route them to the prescribed security module. 

The telephone controller 875 can be programmed to call the headend at a predetermined time or at a predetermined 
time interval, or upon receiving a signal from the headend preferably when phone usage is at a minimum (i.e. - early 

20 morning hours). The telephone controller can call the headend via a toll free 1-800 number, a so-called "watts" line, 
or via a local call to a commercial data link such as TY(\^NET or TELENET Preferably, the present invention would use 
the data return system described in application entitled DATA RETURN FOR A TELEVISION TRANSMISSION SYS- 
TEM, having serial number , incorporated herein by reference. Once the call is connected and communi- 
cations established, the decoder 806 uploads to the headend a record of pay-per-view usage encrypted with the secret 

25 telephone STNi . The headend may then download data similarly encrypted to the decoder 806 including new keys, 
secret serial numbers, or decryption algorithms. The encrypted key or other encrypted data may be sent to either 
internal security element 819, or the replaceable security module 814. The information transmitted from the headend 
may come via the telephone line through modem 875 into processor 870 or preferably through the satellite TV input 
into box 833 and on into processor 870. 

30 As discussed above, a new secret serial number or decryption algorithm, encrypted with the secret telephone 

number, may be sent from the headend to a decoder through telephone controller 875. The encrypted secret serial 
number or decryption algorithm is then decrypted and stored in the selected security modules. This downloading of 
decryption algorithms and secret serial numbers via the telephone controller 875 is sometimes called an "E^ patch", 
and allows the pay television provider to maintain or recover system security by loading new information into a decoder's 

35 EEPROM. An E^ patch does not necessarily entail changing the entire decryption algorithm in the decoder 806. The 
secret serial number or merely a portion of the decryption algorithm, such as a particular byte or data table need only 
be changed in order to sufficiently alter the decryption algorithm. The E^ patch allows the pay television provider or 
upgrade the encryption system to fix "bugs" and recover system security. 

After receiving a signal through the telephone controller 875, the headend will send an acknowledgment signal to 

40 the decoder, indicating that information has been received. Similarly, after data has been downloaded from the headend 
to the decoder through the telephone controller/modem, the decoder will return an acknowledgment signal through 
modem 875 to the headend that data has been received. Hereto, the present invention would preferably use the data 
return system described in application entitled DATA RETURN FOR ATELEVISION TRANSMISSION SYSTEM, having 
serial number , incorporated herein by reference. 

45 In addition to pay-per-view requests or records, telephone controller 875 can also be used to upload other signals 
from the decoder. For example, tamper protection information such as described in connection with Figure 4 can be 
sent indicating whether or not the decoder has been tampered with. Further, program viewing information can be 
uploaded to the pay television provider for television rating purposes (i.e., - Nielson ratings). 

In general, any data that can be delivered via the B-MAC input of Figure 9 (or NTSC, PAL, SECAM, etc.) can also 

so be downloaded through the telephone controller 875. Such information includes, but is not limited to, blackout codes, 
tiering information, personal messages, number of available credits, group identification numbers, and other system 
data. Generally, the telephone controller 875 is used for infrequent communications, such as periodic security level 
changes and IPPV requests, due to the limited bandwidth of telephone lines and the increased cost of sending infor- 
mation via telephone versus the B-MAC input. 

55 The telephone information (TEL) encrypted with the secret telephone number (STN) remains encrypted throughout 
the decoder 806 and may only be decrypted in the security modules. The decrypted telephone information does not 
pass out of the security modules, in order to prevent observation by a pirate. For decoder 806 to desc ramble a scrambled 
program, both the telephone information and the addressed data packet received through the B-MAC input must be 
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present. By relying on both information sources, piracy is virtually impossible, as the potential pirate must break into 
the pay television provider's telephone system as well as decrypt a twice-encrypted key. 

Figure 10 shows communications between a secure microprocessor, either internal or external, and the routing 
manager. Decoder 1006 comprises secure microprocessor 1050 with secure memory 1052. Secure memory 1052 

s contains a set of secret serial numbers SSNq, a secret telephone number STNq unique to that decoder or a series of 
decoders loaded during manufacture and secured with an "E^ bit" as discussed in connection with Figure 4 or other 
security, the encryption algorithm E, and other authorization information. Encrypted program signal Ekomo(SYS) 1053 
and once-encrypted key-of-the-month Essno(KOMO) 1054 are input to decoder 1006 along with optional encrypted 
telephone data Estno(TEL) 1055. 

10 Secure microprocessor 1050 decrypts encrypted telephone data Estno(TEL) 1055 using the secret telephone 
number STNq stored in secure memory 1052. The decrypted telephone data (TEL) is also stored in secure memory 
1052 to prevent observation by pirates. The telephone data (TEL) may provide authorization information to decoder 
1006 as to whether decoder 1006 Is presently authorized to decrypt some or all of the received encrypted programs. 
In addition, other information may be transferred between the decoder and the headend as discussed in connection 

15 with Figure 9. 

Transmission of Addressed Data Packets 

Regarding the transmission of the encrypted signal with the addressed data packets 9e, previous systems incor- 
20 porated a central control at the broadcasting uplink. As previously discussed and referring to Figure 11 , prior systems 

used a central control 1181 to insert addressed data packets or other subscriber related information into the program 

signals to authorize those individual receivers who receive encrypted signals directly not through a local distributor. 

Central control 1181 would transmit addressed data packets, via dedicated lines 1185, to uplink broadcaster 1183 (e. 

g., Home Box Office. Cinemax, etc.) who would in turn multiplex the addressed data packets with their program signals, 
25 usually encrypted. 

Under the new system and referring to Figure 1 2, a subscriber authorization computer 1 282 and supen/isory control 
computer 1280 are provided which input the same subscriber and system data via addressed and system data packets 
9e and 9h to master uplink 1284. The subscriber authorization computer 1282 and the supen/isory control computer 
1280 are both current products manufactured and sold by Scientific-Atlanta. Subscriber authorization computer 1282 

30 contains all subscriber or decoder specific data In a large database. This subscriber specific data Is then formatted 
into addressed data packets 9e for multiplexing with audio and video in master uplink 1284. Similarly, subscriber au- 
thorization computer 1282 contains system wide information specific to particular programs in a large database and 
is formatted into system data packets 9h for transmission. Master uplink 1284 multiplexes the system and addressed 
data packets with audio and video to produce a typical B-MAC signal. This signal may be received by any subscriber 

35 who may use the data packets to decrypt the program. The addressed and system data packets 9e and 9h are then 
transmitted on a channel with the audio and video to satellite transponder 1205 via satellite uplink 1283. 

The signal is reflected from satellite transponder 1205 to satellite receiver and uplink 1283. The addressed and 
system data packets are received by loop-back uplink 1286 where they are stripped away from the audio and video 
program signals inserted at master uplink 1284. The packets are then multiplexed with different audio and video pro- 

40 gram signals and retransmitted to satellite transponder 1205. The combined signals are then transmitted to the indi- 
vidual receiver 1289 via receiver 1283 where they are decrypted. With this system, addressed data packets may be 
received by several loop-back uplink broadcasters who may multiplex these packets with their scrambled program 
signals. They may also take selected portions from the system data packet 9h, for example, tier information, pay-per- 
view cost data, etc. In this way, all loop-back uplink broadcasters preferably send broadcasted B-MAC program signals 

45 with data packets to all subscribers. A subscriber may tune to any channel to receive both the scrambled program and 
data packets to decrypt the program. The system wide data which may be combined at loop-back uplink 1 286 preferably 
includes the call-back data described in application having serial number entitled DATA RETURN FOR 

TELEVISION TRANSMISSION SYSTEM, incorporated herein by reference. 

In this system, the need for dedicated lines 1185 to each broadcaster is obviated since the addressed data packets 

so may be transmitted from master uplink 1 284 to a variety of loop-back uplinks 1 286 for the various program distributors 
(e.g., HBO, Cinemax, etc. ). The addressed and system data packets are in the form depicted in FIGS. 9 and 9A 
respectively, and preferably placed in a B-MAC format. Thus, loop-back uplink 1286 must decode the B-MAC signals 
to remove the loop-back formatting so as to extract each individual encrypted address data packet 9e to be multiplexed 
with their particular encrypted program signal. 

55 Additionally, the present invention may operate in a full field KOM mode which would be able to rapidly address 
all decoders 706 in the network. In a B-MAC television signal, the addressed data packets are preferably transmitted 
during the vertical blanking interval of each frame as discussed in the background of the Invention. Typically, KOMs 
and addressed data packets are sent during five lines of the vertical blanking interval for each field. This produces 
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roughly 6,000 bytes per second of data. This amount of data may be transmitted over dedicated lines 1 185 of the prior 
art. However, if a broadcaster wanted to rapidfy address all subscribers they were limited by the transmission capabil- 
ities of the dedicated lines 1 1 85 typically telephone lines by a telephone company Under the present Invention, roughly 
500 kilobytes per second of data may be sent in the full field mode. 204 video lines plus the 5 vertical blanking interval 

5 lines are available in this mode, per field, for transmitting addressed data packets. Consequently, if a broadcaster 
wanted to rapidly authorize PPV or IPPV viewing for a recently upcoming program (e.g., a boxing match), the broad- 
caster may do so with the present system. A text screen may appear on all subscriber's television sets which may 
indicate what was occurring. 

With this system, an individual subscriber with a satellite receiving dish may receiver program signals and data 

10 packets from all satellites, regardless of which channel he is tuned. If he is authorized to decrypt a particular program 
signal, the signal will contain his unique address data packet which is routed by processor 870 and decrypted by the 
particular security module. 

Diqitallv Upgrading the Decoder 

IS 

Referring to Figure 1 3, a method of converting the analog decoder box depicted in Figure 7 as 706 and Figure 8 
as 806 from an analog configuration to also accept digital television signals Is shown. The original analog decoder box 
is depicted as 1306 where incoming signals are down converted in down converter 1365. Preferably incoming signals 
are in the L band region, having frequencies between 0.95 and 1.45 gigahertz, however, any other frequencies may 
20 be used. These frequencies are down converted to a fixed frequency more manageable by the decoder, preferably to 
a 612 megahertz intemnediate frequency The signals are then demodulated in FM demodulator 1366 and transmitted 
to decoder 1 368 through switch 1 367. Preferably, the signals are in a B-MAC form and therefore decoder 1 368 decodes 
and decrypts the B-MAC signal to its audio, NTSC video and channel 3 signals to be input into a standard television 
receiver 

25 To upgrade the system to accept digital signals, a "digital side-car" 1 390 may be added by using a simple four lead 
connection. Tap 1397 allows the down converted signals to be input into the quadrature phase shift key demodulator 
1 391 of side-car 1 390. Preferably a 40 megabytes per second demodulator is used. The demodulated signals are then 
input into error correcting and demultiplexer 1392. Block 1392 also provides correct timing for the signals in side-car 
1390. 

30 Switch 1 367 would be placed in a second position to receive digital signals whereby analog signals from digital to 

analog (D/A) converter 1396 are input into decoder card 1368. Tuning microprocessor 1367, coupled to decoder 1368 
is used to control the physical transponder tuning function. Additionally, tuning microprocessor 1376 could also control 
volume, and display data on the front panel of decoder box 1390. Importantly, tuning microprocessor 1376 provides 
tuning information to box 1392 via decoder 1 368 to allow demultiplexer 1 392 to select a particular digital subchannel 

3S from all incoming signals contained within a particular channel. Specifically the display and communication's processor 
870 receives unencrypted channel location bits which allow it to locate and select a particular transponder number (or 
channel number) and sub-transponder (or subchannel number). This channel map Is more fully described In application 
entitled VIRTUAL CHANNELS FOR A MULTIPLEXED ANALOG COMPONENT (MAC) TELEVISION SYSTEM, having 
serial number , incorporated herein by reference. Additionally the video decryption seed from the security 

40 modules is also transmitted to box 1 392 to allow the selected subchannel to be decrypted. 

Box 1392 corrects error in the signal using a forward error correction method (FEC) with checksum or parity bits. 
The signal is demultiplexed with the selected subchannel input to video decompressor 1393. Typical digital video 
decompression would be discrete cosine transform (DCT) or other digital high compression technique known by those 
skilled in the art. 

45 The decompressed/expanded digital video signals are then decrypted in decryptor 1 399. If video signals are to be 
transmitted digitally, digital encryption using a key number rather than the previously described scrambling of analog 
signals using a seed is preferred. Consequently external and internal security modules 1314 and 1319 respectively, 
of decoder 1368 provide decryption keys to decryptor 1 399. Functioning of security modules 1314 and 1319 are iden- 
tical to that previously described above. 

50 The decrypted decompressed/expanded digital video signals are then processed for reformation to a B-MAC signal 

using techniques known by those skilled In the art. The expanded digital video signals are input into YUV store 1395 
where the luminance signal Y Is stored for each line or frame. Similarly chrominance signals U and V are also stored 
on a frame basis. Box 1392 also inputs B-MAC data to store control 1394 which outputs the stored luminance and 
chrominance stores at correctly timed intervals through D/A converter 1396 to decoder 1368. Signals coming out of 

55 converter 1 396 are typical B-MAC signals having video, audio and other data. From decoder 1 368, the standard analog 
signals are then input into a television receiver 

This embodiment allows the digital side-car to decompress and expand the low bit rate signal into a full B-MAC 
video signal. The system data, system and addressed data packets 9e and 9h, teletext and digital audio are uncom- 
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pressed and are passed out to decoder 1368 without decompression in side-car 1390. 

Switch 1376 could be microprocessor controlled so that a "compression-enable" bit in the system data or address 
data packet is read and causes switch 1367 to enable the decompression digital side-car 1390 to be enabled. Thus, 
the decoder 1306 with digital side-car 1390 may be able to receive and descramble both analog and digital video 

5 signals. Furthermore, tap 1397 is provided in Figure 1 3 as a loop. This loop could be a single lead, however, the loop 
provides for additional flexibility of expansion. 

While the present invention has been disclosed with respect to a preferred embodiment and modifications thereto, 
further modifications will be apparent to those of ordinary skill in the art within the scope of the claims that follow. It is 
not intended that the invention be limited by the disclosure, but instead that its scope be determined entirely by the 

10 claims which follow. 



Claims 

1. A decoder for receiving and descrambling a signal which has been scrambled using a key, the key having been 
selectively encrypted using at least one of a first confidential serial number and a second confidential serial number, 
said decoder comprising: 

first key decryptor means (713) operative when the selectively encrypted key has been encrypted using the 

20 first confidential serial number; 

second key decryptor means (718) operative when the selectively encrypted key has been encrypted using 
the second confidential serial number, one of the first and second key decryptor means being incorporated in 
a replaceable security module [714] removably attached to the decoder while the other is incorporated in a 
fixed security element [719] of the decoder; 

25 and 

control means (708) for operating at least one of the first and second key decryptor means to generate a 
decrypted key, the decrypted key being the key used to descramble the signal. 

2. A decoder according to claim 1 , wherein the control means operates the first key decryptor means to decrypt the 
30 selectively encrypted key and generate the decrypted key 

3. A decoder according to claim 1 or claim 2, wherein the control means operates the second key decryptor means 
to decrypt the selectively encrypted key and generate the decrypted key. 

35 4. A decoder according to any of claims 1 , 2 or 3, wherein the control means operates the first key decryptor means 
to decrypt the selectively encrypted key and generate a partially decrypted key and then operates the second key 
decryptor means to decrypt the partially decrypted key and generate the decrypted key 

5. A decoder according to any preceding claim, wherein: 

40 

the control means operates in one of a first mode, a second mode mode, and a third mode 

while operating in the first mode, the control means operates the first key decryptor means to decrypt the 

selectively encrypted key and generate the decrypted key; 

while operating in the second mode, the control means operates the second key decr/ptor means to decrypt 
45 the selectively encrypted key and generate the decrypted key; and 

while operating in the third mode, the control means operates the first key decryptor means to decrypt the 
selectively encrypted key and generate a partially decrypted key and then operates the second key decryptor 
means to decrypt the partially decrypted key and generate the decrypted key 

50 6. A decoder according to any preceding claim, wherein the decoder further includes signal descrambling means 
(708) for descrambling signal using the decrypted key. 

7. A decoder according to any preceding claim, further comprising first and second key memory means (707, 720) 
respectively coupled to said first and second key decryptor means (713, 718), for storing said decrypted key 

55 

8. A decoder according to any preceding claim, further comprising first and second confidential serial number memory 
means (712, 717) respectively coupled to said first and second key decryptor means (713, 718), for storing first 
and second confidential serial numbers. 
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9. A decoder according to claim 8, wherein in the replaceable security module (71 4) and in the fixed security element 
(719), said first and second confidential serial number memory means further comprise security means for allowing 
the contents of said first and second confidential serial number memory means (71 2, 717) to be read only by said 
respective first and second key decryptor means (713. 718). 

5 

10. A decoder according to any preceding claim, wherein said signal is a television signal. 

11. A decoder according to claim 10, wherein said signal is a B-MAC type television signal. 

10 12. A decoder according to any preceding claim, further comprising telephone interface means (875) for transmitting 
and receiving data to and from a television signal provider. 

13. A decoder according to claim 12. in which subscriber input data is transmitted by the replaceable security module 
(714) via said telephone interface means (875). 

75 

14. A decoder according to any preceding claim, wherein said first confidential serial number is assigned to the fixed 
security element (719) of said decoder (706). 

15. A decoder according to any preceding claim, wherein said second confidential serial number is assigned to said 
20 replaceable security module (714). 

16. A decoder according to any preceding claim, wherein; 

the selectively encrypted key has been encrypted under either a first confidential serial number, a second 
25 confidential serial number, or both; and 

the decoder further comprises means for actively switching (708), in response to a detected signal, between 
the fixed security element (719) and the replaceable security module (714) so as to effectively decrypt the 
selectively encrypted key to generate the decrypted key. 

30 1 7. A decoder according to any preceding claim, wherein: 

the selectively encrypted key has been encrypted under either a first confidential serial number, a second 
confidential serial number, or both; and 

the decoder further comprises means for actively switching (708), in response to a received signal, between 
35 first and second key decryptor means (713, 718) so as to effectively decrypt the key 

18. A decoder according to any preceding claim operative to receive a composite data packet addressed to a single 
decoder or group of decoders, the composite data packet comprising: 

40 a first data packet (9a) containing unencrypted data for addressing the individual or group of decoders; 

a second data packet (9c) containing unencrypted data tor determining whether at least one of first and second 
key decryptor means (714, 719) in the decoder are to be enabled; and, 
a third data packet (9d) containing encrypted data for use by the decoder. 

45 19. A decoder according to claim 18, in which the composite data packet further comprises a fourth data packet (9b) 
containing unencrypted data for determining the order of decrypting the third data packet by the first and second 
key decryptor means (714, 719) if the third data packet had been twice encrypted. 

20. The decoder according to any preceding claim, further comprising: 

50 

decoder circuitry (1368), the first and second key decryptor means (1314, 1319) being incorporated therein; 
a demodulator (1366); 

means for receiving (1 391 ) a plural'ity of compressed digital signals with a plurality of addresses, each address 
corresponding to a particular digital signal; 
55 means for selecting (1 392) a particular digital signal by identifying the particular address; 

means for decompressing (1393) the selected digital signal; and 

means for selectively coupling (1397) to the decoder circuity (1368) one of the means for decompressing 
(1393) and the demodulator (1366). 
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21. A decoder according to claim 20, further comprising means, coupled between the means for selecting (1 392) and 
the means for decompressing (1 393), for decrypting (1 399) the digital signal. 

22. A decoder according to any preceding claim wherein the replaceable security module includes: 

5 

the second key decryplor means; 

means, coupled to the second key decryptor means, for generating decoder control information from the de- 
crypted key, the decoder control information useable for descrambling the scrambled signal; and 
security means to ensure that the decrypted key generated by the second key decryptor means is only useable 
10 by the means for generating the decoder control information. 

23. A method for decoding a signal in a decoder comprising first and second key decryptor means, one of the first and 
second key decryptor means being Incorporated in a replaceable security module while the other is incorporated 
in a fixed security element, the method comprising steps of: 

IS 

selectively operating the first key decryptor means to process a selectively encrypted key based on a first 
confidential serial number when the selectively encrypted key has been encrypted under the first confidential 
serial number; 

selectively operating the second key decryptor means to process the selectively encrypted key based on a 
20 second confidential serial number when the selectively encrypted key has been encrypted under the second 

confidential serial number; and 

controlling the operation of at least one of the first and second key decryptor means to generate a decrypted 
key 

25 24. A method according to claim 23, wherein the step of controlling controls the decoder to operate in one of a first 
mode, a second mode and a third mode, the step of controlling including a step of: 

while the decoder is operating in the first mode, operating the first key decryptor means to decrypt the selec- 
tively encrypted key and generate the decrypted key; 
30 while the decoder is operating in the second mode, operating the second key decryptor means to decrypt the 

selectively encrypted key and generate the decrypted key; and 

while the decoder is operating In the third mode, operating the first key decryptor means to decrypt the selec- 
tively encrypted key and generate a partially decrypted key and then operating the second key decryptor 
means to decrypt the partially decrypted key and generate the decrypted key 

35 

25. A method according to claim 23 or claim 24, further comprising a step of generating decoder control information 
based on the decrypted key, the decoder control information useable for descrambling scrambled signals. 

26. A method according to any of claims 23 to 25, further comprising a step of securing data access to at least one 
40 (1 ) ensure that the first confidential serial numbers Is readable only by the first key decryptor means, and (2) ensure 

that the second confidential serial numbers is readable only by the second key decryptor means. 

27. A method according to any of claims 23 to 26, wherein said signal is a television signal. 

45 28. A method according to claim 27, wherein said signal is a B-MAC type television signal. 

29. A method according to any of claims 23 to 28, further comprising a step of transmitting, via telephone interface 
means (875), data to and from a television signal provider. 

50 30. A method according to claim 29. further comprising the step of: 

preparing subscriber input data in the replaceable security module (714) to be transmitted via the telephone 
interface means. 

31. A method according to any of claims 23 to 30, further comprising a step of actively switching (708), In response 
55 to a detected signal, between the fixed security element (71 9) and the replaceable security module (714) so as to 

effectively decrypt the selectively encrypted key to generate the decrypted key 

32. A method according to any of claims 23 to 31 , further comprising a step of actively switching (708), in response 
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to a detected signal, between the first and second key decryptor means (71 3, 71 8) so as to effectively decrypt the 
selectively encrypted key to generate the decrypted key. 

33. A method according to any of claims 23 to 32, further comprising steps of: 

5 

providing subscriber information including said selectively encrypted key and said first and second confidential 
serial numbers at a first source; 

providing a plurality of program signals at a plurality of second sources; 
transmitting the subscriber Information to the second sources; 
10 combining the subscriber infomnation with the program signals to produce combined signals; and, 

transmitting the combined signals to said decoder. 

34. A method according to any of claims 23 to 33 further comprising a step of receiving a composite data packet, the 
composite data packet comprising: 

75 

a first data packet (9a) containing unencrypted data for addressing the individual or group of decoders; 
a second data packet (9c) containing unencrypted data for determining whether at least one of first and second 
key decryptor means (714, 719) in the decoder are to be enabled; and, 
a third data packet (9d) containing encrypted data for use by the decoder 

20 

35. A method according to claim 34, wherein the composite data packet further comprises a fourth data packet (9b) 
containing unencrypted data for determining the order of decrypting the third data packet by the first and second 
key decryptor means (714. 719) if the third data packet had been twice encrypted. 

25 36. A method according to any of claims 23 to 35. wherein the decoder further Includes decoder circuitry (1 368), the 
first and second key decryptor means being incorporated therein, the method further comprising steps of: 

receiving (1391) a plurality of compressed digital signals with a plurality of addresses, each address corre- 
sponding to a particular digital signal; 
30 selecting (1 392) a particular digital signal by identifying the particular address; 

decompressing (1393) the selected digital signal; and 

selectively coupling (1367) to decoder circuity (1368) one of the decompressed signal (1393) and a demod- 
ulated signal (1366). 

35 37. A method according to claim 36, further comprising a step of decrypting (1 399) the selected digital signal. 

38. A method according to any of claims 23 to 37. further comprising steps of: 

generating decoder control information from the decrypted key, the decoder control information useable for 
40 descrambling the scrambled signal; and 

ensuring that the decrypted key generated by the second key decryptor means is only useable for generating 
the decoder control information. 

39. A method according to any claims 23 to 38. wherein the second key decryptor means Is Incorporated in the re- 
45 placeable security module, and initially the step of controlling operates only the first key decryptor means, and a 

headend encrypts a new key under an alternate first confidential serial number and then under the second confi- 
dential serial number to produce a new selectively encrypted key and the method further includes steps of: 

decrypting the new selectively encrypted key In the first key decryptor means using the alternate first confi- 
50 dential serial number to produce a partially decrypted key; and 

decrypting the partially decrypted key In the second key decryptor means using the second confidential serial 
number to recover the new key each subsequent new key being encrypted under only the second confidential 
serial number thereafter, the step of controlling operating only the second key decryptor means when a sub- 
sequent new key is encrypted under only the second confidential serial number 
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Patentanspruche 

1. Dekoder fur den Empfang und die EntwOrfelung eines Signals, das auf der Grundlage der Verwendung eines 
Codes verwurfelt worden ist, wobei der Code selektiv verschlusselt wurde, und dies unter Venwendung von zu- 
5 mindest einer ersten vertraulichen Seriennummer und einer zweiten vertraullchen Seriennummer; der besagte 

Dekoder umfaBt dabei: 

erste Code-Entschlusselungsvorrichtungen (713), die dann aktiviert werden, wenn der selektiv verschlusselte 
Code uber die Venwendung der ersten vertraulichen Seriennummer verschlusselt worden ist; 

10 zweite Code-Entschlusselungsvorrichtungen (718), die dann aktiviert werden, wenn der selektiv verschlus- 

selte Code unter Venwendung der zweiten vertraulichen Seriennummer verschlusselt wurde, wobei eine der 
ersten und zweiten Code-EntschlOsselungsvorrichtungen in einem austauschbaren Sicherheitsmodul (714) 
eingebaut ist, das an dem Dekoder abnehmbar befestigt ist, wahrend die andere in einem stationaren Sicher- 
heitselement (719) des Dekoders enthalten ist; 

IS und 

Steuervorrichtungen (708) fur den Betrieb von mindestens einem der ersten und zweiten Code-Entschlusse- 
lungsvorrlchtungen. urn einen entschlusselten Code zu generieren, wobei der entschlusselte Code jener ist, 
der fur die EntwOrfelung des Signals venwendet wird. 

20 2. Dekoder gemaB Anspruch 1, dadurch gekennzeichnet, da3 die Steuervorrlchtung die erste Code-Entschlusse- 
lungsvorrlchtung steuert, um den selektiv verschlusselten Code zu entschlussein und den entschlusselten Code 
zu generieren. 

3. Dekoder gemaB Anspruch 1 Oder Anspruch 2, dadurch gekennzeichnet, daB die Steuervorrichtung die zweite 
25 Code-Entschlusselungsvorrichtung steuert, um den selektiv verschlusselten Code zu entschlussein und den ent- 
schlusselten Code zu generieren. 

4. Dekoder gemaB irgendeinem der Anspruche 1 , 2 Oder 3, dadurch gekennzeichnet, daB die Steuervorrichtung die 
erste Code-Entschlusselungsvorrichtung steuert, um den selektiv verschlusselten Code zu entschlussein und ei- 

30 nen partiell entschlusselten Code zu generieren, und dann die zweite Code-Entschlusselungsvorrichtung steuert, 

um den partiell entschlusselten Code zu entschlussein und den entschlusselten Code zu generieren. 

5. Dekoder gemaB irgendeinem der vorausgegangenen Anspruche, dadurch gekennzeichnet. daB: 

35 die Steuervorrichtung in entweder einer ersten Betriebsart, einer zweiten Betriebsart oder einer dritten Be- 

triebsart opertert; 

bei einem Betrieb in der ersten Betriebsart, die Steuervorrichtung die erste Code-Entschlusselungsvorrichtung 
steuert, um den selektiv verschlOsselten Code zu entschlussein und den entschlusselten Code zu generieren; 
in der zweiten Betriebsart die Steuervorrichtung die zweite Code-Entschlusselungsvorrichtung steuert, um 
40 den selektiv verschlusselten Code zu entschlussein und den entschlusselten Code zu generieren; und 

in der dritten Betriebsart die Steuervorrichtung die erste Code-Entschlusselungsvorrichtung steuert, um den 
selektiv verschlusselten Code zu entschlussein und einen partiell entschlusselten Code zu generieren, und 
dann die zweite Code-Entschlusselungsvorrichtung steuert, um den partiell entschlusselten Code zu ent- 
schlussein und den entschlusselten Code zu generieren. 

45 

6. Dekoder gemaB irgendeinem der vorausgegangenen Anspruche, dadurch gekennzeichnet, daB der Dekoder zu- 
satzlich eine Signal-Entwurfelungsvorrichtung (708) aufweist, um das Signal uber den entschlusselten Code zu 
entwurfeln. 

so 7. Dekoder gemaB irgendeinem der vorausgegangenen Anspruche, der daruber hinaus erste und zweite Code-Spei- 
chervorrichtungen (707, 720) aufweist, die jeweils mit der besagten ersten und zweiten Entschlusselungs-Vorrich- 
tung (713, 718) gekoppelt sind, um den besagten entschlusselten Code zu speichern. 

8. Dekoder gemaB irgendeinem der vorausgegangenen Anspruche, der daruber hinaus erste und zweite vertrauliche 
ss Seriennummer-Speichervorrichtungen (712, 717) besitzt, die jeweils an der besagten ersten und zweiten Code- 

Entschlusselungsvorrichtung (71 3, 71 8) gekoppelt sind, um erste und zweite vertrauliche Seriennummern zu spei- 
chern. 
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9. Dekoder gemaB Anspruch 8, dadurch gekennzeichnet, daO in dem austauschbaren Sicherheitsmodul (714) und 
in dem stationaren Sicherheitselement (719) die besagten ersten und zweiten vertraulichen Seriennummer-Spel- 
chervorrichtungen femer Sicherheitselemente umtassen, damit der Inhalt der besagten ersten und zweiten ver- 
traulichen Seriennummer-Speichervorrichtungen (712. 717) nur uberdie besagte entsprechende erste und zweite 

5 Code-Entschlusselungsvorrichtung (713. 718) gelesen werden kann. 

10. Dekoder gemaB irgendeinem der vorausgegangenen Patentanspruclie, bei dem es sich bei dem besagten Signal 
urn ein Femsehsignal handett. 

10 11. Dekoder gemaB Patentanspruch 10, bei dem es sicli bei dem besagten Signal um ein Femsehsignal des Typs B- 
MAC handelt. 

1 2. Dekoder gemaB irgendeinem der vorausgegangenen Patentanspruche, der ferner eine Telefon-Schnittstellenvor- 
richtung (875) umfaBt, um Oaten auf den Betreiber eines Fernsehsignals zu ubertragen und Oaten von diesem zu 

IS empfangen. 

13. Dekoder gemaB Patentanspruch 12, dadurch gekennzeichnet, daB die Input-Daten des Teilnehmers durch das 
austauschbare Sicherheitsmodul (714) uber die besagte Telefon-Schnittstellenvorrichtung (875) ubertragen wer- 
den. 

20 

14. Dekoder gemaB irgendeinem der vorausgegangenen Patentanspruche, dadurch gekennzeichnet, daB die besagte 
erste vertrauliche Seriennummer dem festen Sicherheitselement (719) des besagten Oekoders (706) zugeordnet 
ist. 

2S 15. Dekoder gemaB irgendeinem der vorausgegangenen Patentanspruche, dadurch gekennzeichnet, daB die besagte 
zweite vertrauliche Seriennummer dem besagten austauschbaren Sicherheitsmodul (714) zugeordnet ist. 

16. Dekoder gemaB irgendeinem der vorausgegangenen Patentanspruche, dadurch gekennzeichnet, daB: 

30 der selektiv verschlusselte Code entweder unter einer ersten vertraulichen Seriennummer oder einer zweiten 

vertraulichen Seriennummer oder beiden verschlusselt worden ist; und 

der Dekoder ferner Vorrichtungen umfaBt, um, in Reaktion auf ein erfaBtes Signal, aktiv zwischen dem sta- 
tionaren Sicherheitselement (719) und dem austauschbaren Sicherheitsmodul (714) umzuschalten (708), um 
auf diese Art und Weise wirksam den selektiv verschlusselten Code zu entschlDsseln und damit den entschlus- 
35 selten Code zu generieren. 

17. Dekoder gemaB irgendeinem der vorausgegangenen Anspruche, dadurch gekennzeichnet, daB: 

der selektiv verschlusselte Code entweder unter einer ersten vertraulichen Seriennummer oder einer zweiten 
40 vertraulichen Seriennummer oder beiden verschlusselt worden ist; und 

der Dekoder daruber hinaus Vorrichtungen umfaBt, um aktiv in Reaktion auf ein empfangenes Signal zwischen 
ersten und zweiten Code-Entschlusselungs-Vorrichtungen (713, 718) umzuschalten (708), um auf diese Art 
und Weise den Code wirksam zu entschlDsseln. 

45 1 8. Dekoder entsprechend irgendeinem der vorausgegangenen Patentanspruche, der so arbeitet, daB er ein zusam- 
mengesetztes Oatenpaket empfangt, das an einen einzelnen Dekoder oder eine Gruppe von Dekodern adressiert 
ist, wobei dieses zusammengesetzte Oatenpaket folgendes umfaBt: 

ein erstes Oatenpaket (9a), das nicht-verschlusselte Oaten fur die Adressierung des individuellen oder der 
50 Gruppe von Dekodern enthalt; 

ein zweites Oatenpaket (9c), das nicht-verschlusselte Oaten fur die Bestimmung daruber enthalt, ob minde- 
stens eine der ersten und zweiten Code-Entschlusselungsvorrichtungen (714, 719) in dem Dekoder aktiviert 
werden sollen; und 

ein drittes Oatenpaket (9d), das verschlusselte Oaten zur Verwendung durch den Dekoder enthalt. 

55 

1 9. Dekoder gemaB Anspruch 1 8, bei dem das zusammengesetzte Oatenpaket daruber hinaus ein viertes Oatenpaket 
(9b) umfaBt, das nicht-verschlusselte Oaten fur die Bestimmung der Reihenfolge der Entschlusselung des dritlen 
Datenpakets uber die erste und zweite Code-Entschlusselungsvorrlchtung (714, 719) enthalt, wenn das dritte 
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Datenpaket zweimal verschlOsseit worden ist. 

20. DerDekodergemaBirgendeinemdervorausgegangenenPatentansprOche, derdaruberhinausfolgendeElemente 
umfaRt: 

5 

einen DekcxJer-Schaltkreis (1 368), wobei die erste und zweite Code-Entschlusselungsvorrichtung (1 31 4. 1 31 9 
darin enthatten sind; 
einen Demodulator (1366); 

Vorrichtungen fur den Emptang (1 391 ) einer Vielzahl komprimierter Digitalsignale mit einer Vietzahl von Adres- 
10 sen, wobei jede Adresse einem speziellen DIgitalsignal zugeordnet ist; 

Vorrichtungen zur Auswahl (1 392) eines speziellen Digitalsignals durch Identifizierungder betreffenden Adres- 
se; Vorrichtungen zur Dekomprinnierung (1393) des ausgewahlten Digitalsignals; und 
Vorrichtungen fur die selektive Kopplung (1 397) einer der Vorrichtungen fur die Dekomprinnierung (1 393) und 
des Demodulators (1366) an den Dekoder-Schaltkreis (1368). 

IS 

21. Dekoder gemaB Patentanspruch 20, der daruber hinaus Vorrichtungen umfaBt, die zwischen den Vorrichtungen 
fur die Auswahl (1392) und die Vorrichtungen fur die Dekomprimierung (1393) gekoppelt sind, urn das digitale 
Signal zu entschlussein (1399). 

20 22. Dekoder gemaB irgendeinem der vorausgegangenen Patentanspruche, dadurch gekennzeichnet, daB das aus- 
tauschbare Sicherheitsmodul folgende Elemente umfaBt: 

die zweiten Code-EntschlQsselungsvorrichtung; 

Vorrichtungen, die mit der zweiten Code-Entschlusselungsvorrlchtung gekoppelt sind, um Dekoder-Steuer- 
25 daten von dem entschlusselten Code zu generieren, wobei die Dekoder-Steuerdaten fur die Entwurfelung des 

verwurfelten Signals verwendbar sind; und 

Sicherheitsvorrichtungen, um sicherzustellen, daB der entschlusselte Code, der uber die zweite Code-Ent- 
schlOsselungsvorrichtung generiert worden ist, nur Ober die Vorrtchtung zur Generierung der Dekoder-Steu- 
erdaten verwendbar ist. 

30 

23. Ein Verfahren zur Decodierung eines Signals in einem Dekoder, der erste und zweite Code-Entschlusselungsvor- 
richtungen umfaBt, wobei eine der ersten und zweiten Code-Entschlusselungsvorrichtungen in einem austausch- 
baren Sicherheitsmodul eingebettet ist, wahrend die andere in einem stationaren Sicherheitselementfixiert ist; die 
Methode umfaBt dabei folgende Stufen: die selektive Steuerung der ersten Code-Entschlusselungsvorrichtung 

35 zur Verarbeitung eines selektiv verschlusselten Codes, ausgehend von der ersten vertraulichen Seriennummer, 
wenn der selektiv verschlusselte Code unter der ersten vertraulichen Seriennummer verschlOsseit worden ist; 

die selektive Steuerung der zweiten Code-Entschlusselungsvorrichtung, um den selektiv verschlusselten Co- 
de zu verarbeiten, ausgehend von einer zweiten vertraulichen Seriennummer, wenn der selektiv verschlusselte 
40 Code unter der zweiten vertraulichen Seriennummer verschlOsseit worden ist; und 

die Steuerung der Betriebsfunktion von mindestens einer der ersten und zweiten Code-EntschlOsselungsvor- 
richtungen zur Generierung eines entschlOsselten Codes. 

24. Verfahren gemaB Patentanspruch 23, dadurch gekennzeichnet, daB die Steuerungsstufe den Dekoder so steuert, 
45 daB er entweder in einer ersten Betriebsart, einer zweiten Betriebsart Oder einer dritten Betriebsart operiert, wobei 

die Stufe der Steuerung folgende Stufe umfaBt: 

wahrend der Dekoder in der ersten Betriebsart operiert, Steuerung der ersten Code-EntschlOsselungsvorrich- 
tung zur Entschlusselungdes selektiv verschlOsselten Codes und zur Generierung des entschlusselten Codes; 
50 wahrend der Dekoder in der zweiten Betriebsart arbeitet, Steuerung der zweiten Code-EntschlOsselungsvor- 

richtung zur EntschlOsselung des selektiv verschlusselten Codes und zur Generierung des entschlusselten 
Codes; und 

wahrend der Dekoder in der dritten Betriebsart arbeitet, Steuerung der ersten Code-EntschlOsselungsvorrich- 
tung zur EntschlOsselung des selektiv verschlOsselten Codes und Generierung eines partiell entschlOsselten 
55 Codes, mit anschlleBender Steuerung der zweiten Code-EntschlOsselungsvorrichtung, um den partiell ent- 

schlusselten Code zu entschlOsseIn und den entschlOsselten Code zu generieren. 

25. Verfahren gemaB Anspruch 23 Oder Anspruch 24, mit einer zusatzlichen Stufe der Generierung von Dekoder- 
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Steuerungsdaten. ausgehend von dem entschlOsselten Code, wobei die Dekoder-Steuerdaten fur die Entwurfe- 
lung von verwurfelten Signalen nutzbar sind. 

26. Verfahren gemafJ irgendelnem der Patentanspruche 23 bis 25, das daruberhinaus eine Stufe der Sicherstellung 
5 des Datenzugangs umfaBt, unri zumindest sicherzustellen, (1) daB die ersten vertraulichen Seriennunnmern nur 

uber die erste Code-Entschlusselungsvorrichtung lesbar sind und (2) daB die zweiten vertraulichen Seriennunn- 
mem nur uber die zweite Code-Entsclilusselungsvorrichtung lesbar sind. 

27. Verfahren gemaB irgendeinem der Patentanspruche 23 bis 26, dadurch gekennzeichnet, daB es sich bei dem 
10 besagten Signal um ein Fernsehsignal handett. 

28. Verfahren gemaB Patentanspruch 27, dadurch gekennzeichnet, daB es sich bei dem besagten Signal um ein B- 
MAC-Fernsehsignal handelt. 

IS 29. Verfahren gemaB irgendeinem der Patentanspruche 23 bis 28, das daruberhinaus eine Stufe der Ubemnlttlung 
von Daten zu und von einem Fernsehsignal-Lleferanten uber eine Telefon-Schnittstellenvorrichtung (875) umfaBt. 

30. Verfahren gemaB Patentanspruch 29, das zusatzlich die Stufe der Auf bereitung von Tellnehmer-inputdaten in dem 
austauschbaren Sicherheitsmodul (714) umfaBt, zwecks Ubertragung uber die Telefon-Schnittstellenvorrichtung. 

20 

31 . Verfahren gemaB irgendeinem der Patentanspruche 23 bis 30, das daruberhinaus eine Stufe der aktiven Schaltung 
(708), in Reaktlon auf ein erfaBtes Signal, zwischen dem stationaren Sicherheitselement (719) und dem aus- 
tauschbaren Sicherheitsmodul (714) umfaBt, um auf diese Art und Weise wirksam den selektiv verschlusselten 
Code zu entschlussein und damit den entschlOsselten Code zu generieren. 

25 

32. Verfahren gemaB irgendeinem der Patentanspruche 23 bis 31 , das daruberhinaus eine Stufe der aktiven Schaltung 
(708), in Reaktion auf ein erfaBtes Signal, zwischen der ersten und zweiten Code-Entschlusselungsvorrichtung 
(713, 718) umfaBt, um somit den selektiv verschlusselten Code wirksam zu entschlussein und damit den ent- 
schlOsselten Code zu generieren. 

30 

33. Verfahren gemaB irgendeinem der Patentanspruche 23 bis 32, das darubertiinaus folgende Stufen umfaBt: 

Bereitstellung von Tellnehmerdaten, einschlieBlich des besagten selektiv verschlOsselten Codes und der be- 
sagten ersten und zweiten vertraulichen Seriennummer fOr eine erste Quelle; 
35 die Bereitstellung einer Vielzahl von Programmsignalen fOr eine Vielzahl von zweiten Quellen; 

die Ubermittlung der Teilnehmer- Information auf die zweiten Quellen; 

die Kombination der Tellnehmerdaten mit den Programmsignalen zur Erzeugung kombinierter Signale; und 
die Ubertragung der komblnierten Signale auf den besagten Dekoder 

40 34. Verfahren gemaB irgendeinem der Patentanspruche 23 bis 33, das daruber hinaus eine Stufe des Empfangs eines 
zusammengesetzten Datenpakets umfaBt, wobei dieses zusammengesetzte Datenpaket folgendes umfaBt: 

ein erstes Datenpaket (9a), das nicht-verschlusselte Daten f Or die Adressierungdes einzelnen Dekodersoder 
einer Gruppe von Dedekodern enthalt; 
45 ein zweites Datenpaket (9c), das nicht-verschlOsselte Daten fur die Bestimmung darOber enthalt, ob minde- 

stens eine der ersten und zweiten Code-Entschlusselungsvorrichtungen (714, 719) in dem Dekoder aktiviert 
werden sollen; und 

ein drittes Datenpaket (9d), das entschlussette Daten fur die Venwendung durch den Dekoder enthalt. 

50 35. Verfahren gemaB Patentanspruch 34, dadurch gekennzeichnet, daB das zusammengesetzte Datenpaket darOber 
hinaus ein viertes Datenpaket (9b) umfaBt, das nicht-verschlusselte Daten enthalt, um die Reihenfolge der Ent- 
schlOsselung des dritten Datenpakets uber die erste und zweite Code-Entschlusselungsvorrichtung (714, 719) zu 
best Im men, wenn das dritte Datenpaket zweimal verschlOsselt worden ist. 

ss 36. Verfahren gemaB irgendeinem der Patentanspruche 23 bis 35, dadurch gekennzeichnet, daB der Dekoder daruber 
hinaus einen Dekoder-Schaltkreis (1368) umfaBt, wobei die erste und zweite Code-EntschlOsselungsvorrichtung 
in diesen eingebettet sind; da Verfahren umfaBt daruber hinaus folgende Stufen: 
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den Empfang (1391) einer Vielzahl komprimierter Digitalsignale mit einer Vielzahl von Adressen, wobei jede 
Adresse einem speziellen Digitalsignal entspricht; 

die Auswahl (1392) eines speziellen Digitalsignals durch Identifizierung der spezifischen Adresse; 
die Dekomprimierung (1393) des gewahlten digilalen Signals; und 
5 die selektive Kopplung (1 367) entwederdes dekomprimierten Signals (1 393) Oder des demodulierten Signals 

(1366) an den Dekoder-Schaltkreis (1368). 

37. Verfahren gemaR Patentanspruch 36. das daruberhinaus die Stufe der Entschlusselung (1 399) des ausgewahlten 
Digitalsignals umfaQt. 

10 

38. Verfahren gema3 irgendeinem der Patentanspruche 23 bis 37, das daruberhinaus folgende Stufen umfa(3t: 

die Generierung von Dekoder-Steuerdaten aus dem entschlusselten Code, wobei die Dekoder-Steuerdaten, 
die fur die Entwurfelung des verwurfelten Signals nutzbar ist; und 
IS die Sicherstellung dahingehend, daO der entschlusselte Code, der Ober die zweite Code-Entschlusselungs- 

vorrichtung generiert worden ist, nur fur die Generierung der Dekoder-Steuerdaten venwendbar ist. 

39. Verfahren gemaR irgendeinem der Patentanspruche 23 bis 38, dadurch gekennzeichnet, da3 die zweite Code- 
Entschlusselungsvorrlchtung in dem austauschbaren Sichertieitsmodul etngebettet ist, und zunachst die Steue- 

20 rungsstufe nur die erste Code-EntschlDsselungsvorrtchtung betreibt und eine Kopfstelle einen neuen Code unter 

einer alternativen ersten vertraulichen Seriennummerverschlusselt, um dann unter der zweiten vertraulichen Se- 
riennummer einen neuen selektiv verschlusselten Code zu generteren; das Verfahren umfa8t daruber hinaus fol- 
gende Stufen: 

25 die Entschlusselung des neu selektiv verschlusselten Codes in der ersten Code-Entschlusselungsvorrichtung 

unter Venwendung der alternativen ersten vertraulichen Seriennummer zur Erzeugung eines partiell entschlus- 
selten Codes; und 

die Entschlusselung des teilweise entschlusselten Codes in der zweiten Code-Entschlusselungsvorrichtung 
unter Einsatz der zweiten vertraulichen Seriennummer, um den neuen Code zurOckzugewinnen, wobei jeder 
30 nachfolgende neue Code nur unter der zweiten vertraulichen nachfolgenden Seriennummer verschlusselt 

wird, wobei die Steuerungsstufe die zweite Code-Entschlusselungsvorrichtung nur dann betreibt, wenn ein 
neuer nachfolgender Code nur unter der zweiten vertraulichen Seriennummer verschlusselt wird. 



35 Revendicatlons 

1 . D6codeur pour recevoir et d6brouiller un signal qui a 6t6 broui!l6 par utilisation d'une clef, la clef ayant 6t6 s6lec- 
tivement chiffr6e par utilisation d'au moins un premier num6ro de s6rle confidentiel ou un deuxi6me num6ro de 
serie confidentiel, ledit decodeur comprenant : 

40 

des premiers moyens d6crypteurs de clef (71 3), actifs quand la clef s6lectivement chiffr6e a 6t6 chiffr6e par 
utilisation du premier num6ro de s6rie confidentiel ; 

des deuxiemes moyens decrypteurs de clef (718), actifs quand la clef s§lectivement chiffree a 6t6 chiffree par 
utilisation du deuxi6me num6ro de s6rle confidentiel, les premiers ou les deuxiemes moyens d6crypteurs de 
45 clef 6tant incorpor6s dans un module de s6curlt6 remplagable (71 4), f ix6 d'une mani6re amovible au decodeur, 

tandis que les autres sont incorpores dans un element de security fixe (71 9) du decodeur ; et 
des moyens de commande (708), pour aglr sur au moins les premiers ou les deuxifemes moyens decrypteurs 
de clef, pour produire une clef d6crypt6e, la clef d6crypt6e 6tant la clef utills6e pour d§brouiller le signal. 

so 2. Decodeur selon la revendication 1 , dans lequel les moyens de commande agissent sur les premiers moyens 
decrypteurs de clef pour d6crypter la clef s6lectivement chiffr6e et g6n6rer la clef d6crypt6e. 

3. D6codeur selon la revendication 1 ou la revendication 2, dans lequel les moyens de commande agissent sur les 
deuxifemes moyens decrypteurs de clef, pour decrypter la clef selectivement chiffree et g6n6rer la clef d6crypt6e. 

55 

4. Decodeur selon I'une quelconque des revendicatlons 1 , 2 ou 3, dans lequel les moyens de commande agissent 
sur les premiers moyens decrypteurs de clef pour decrypter la clef selectivement chiffree et g^n^rer une clef 
partiellement d6crypt6e, puis agit sur les deuxiemes moyens decrypteurs de clef pour decrypter la clef partiellement 
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ddcryptde et g6n6rer la clef d6crypt6e. 

5. D^codeur selon I'une quelconque des revendicatlons pr6c6dentes, dans lequel : 

5 les moyens de commande agissent selon un premier mode, un deuxidme mode ou un troisifeme mode : 

quand lis agissent selon le premier mode, les moyens de commande agissent sur les premiers moyens 66- 
crypteurs de clef, pour d6crypter la clef selectivement chiff r6e et gen6rer la clef decryptee ; 
quand ils agissent selon le deuxidme mode, les moyens de commande agissent sur les deuxi6mes moyens 
d6crypteurs de clef, pour d6crypter la clef selectivement chiffr6e et g§n6rer la clef d6crypt6e ; et 

10 quand ils agissent selon le troisi6me mode, les moyens de commande agissent sur les premiers moyens 

decrypteurs de clef pour d6crypter la clef selectivement chiffr^e et g6nerer une clef partiellement decryptee, 
puis agissent sur les deuxi^mes moyens decrypteurs de clef pour d6crypter la clef partiellement d^cryptde et 
g6n6rer la clef d6crypt6e. 

6. D6codeur selon I'une quelconque des revendicatlons precedentes, dans lequel le decodeur comprend en outre 
des moyens debrouilleurs de signaux (708), pour debrouiller le signal en utilisant la clef decrypt6e. 

7. Decodeur selon I'une quelconque des revendicatlons prec6dentes, qui comprend en outre des premiers et des 
deuxiemes moyens de memoire de clef (707, 720), qui sont couples respectivement auxdits premiers et deuxiemes 

20 moyens decrypteurs de clef (71 3, 71 8) pour stocker ladite clef decryptee. 

8. Decodeur selon I'une quelconque des revendicatlons precedentes, qui comprend en outre des premiers et des 
deuxiemes moyens de memoire de numero de serie confldentiel (712, 717), couples respectivement auxdits pre- 
miers et deuxiemes moyens decrypteurs de clef (713, 718), pour stocker le premier et le deuxieme numeros de 

25 serie confidentiels. 

9. Decodeur selon la revendication 8, dans lequel, dans le module de securite rempla^able (714) et dans le module 
de securite fixe (71 9), lesdits premiers et deuxiemes moyens de memoire de numeros de s6rie confidentiels com- 
prennent des moyens de securite, pour que le contenu desdits premiers et deuxiemes moyens de memoire de 

30 numeros de serie confidentiels (712, 717) ne puissent etre lus que par lesdits premiers et deuxiemes moyens 

decrypteurs de clef (713, 718) respectifs. 

10. Decodeur selon I'une quelconque des revendicatlons precedentes, dans lequel ledit signal est un signal de tele- 
vision. 

35 

11. Decodeur selon la revendication 10, dans lequel ledit signal est un signal de television de type B-MAC. 

12. Decodeur selon I'une quelconque des revendicatlons precedentes, qui comprend en outre des moyens d'interface 
teiephonique (875) pour transmettre des donnees a un fournisseur de signaux de television et les en recevoir 

40 

13. Decodeur selon la revendication 12, dans lequel les donnees d'entree de I'abonne sont transmises par le module 
de securite remplagable (714) par I'intermediaire desdits moyens d'interface teiephonique (875). 

14. Decodeur selon I'une quelconque des revendicatlons precedentes, dans lequel ledit premier numero de s6rie 
45 confldentiel est attribu6 a reiement de securite fixe (719) dudit decodeur (706). 

15. Decodeur selon Tune quelconque des revendicatlons precedentes, dans lequel ledit deuxieme numero de serie 
confldentiel est attribu6 audit module de securite remplagable (714). 

50 16. Decodeur selon I'une quelconque des revendicatlons precedentes, dans lequel : 

la clef selectivement chlffree a 6te chiff ree par utilisation d'un premier numero de s6rie confldentiel, d'un deuxie- 
me numero de serie confldentiel, ou des deux ; et 

le decodeur comprend en outre des moyens de commutation active (708), en reponse a un signal detecte, 
55 entre reiement de s6curit6 fixe (71 9) et le module de securite remplagable (71 4), de fagon b d6crypter effica- 

cement la clef selectivement chiff ree, pour generer la clef decryptee. 

17. Decodeur selon I'une quelconque des revendicatlons pr6c6dentes, dans lequel : 
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la clef sdlectivement chiffr6e a 6t6 chiff r6e par utilisation d'un premier nunn6 rode serie confidentiel, d'un deuxi6- 
me nunriero de s^rie confidentiei, ou des deux ; et 

le ddcodeur comprend en outre des moyens de commutation active (708), en r6ponse k un signal regu, entre 
les premiers et les deuxl6mes moyens d6crypteurs de clef (71 3, 71 8), de fa^on ^ decrypter efflcacement la clef. 

5 

18. D6codeur selon I'une quelconque des revendications pr6c6dentes, actif pour recevoir un paquet de donn6es com- 
posite adress6 ^ un d^codeur unique ou k un groupe de decodeurs, le paquet de donndes composite comprenant : 

un premier paquet de donn^es (9a), contenant des donnees non chiffrees, pour adressage du d6codeur in- 
10 dividuel ou du groupe de d6codeurs ; 

un deuxieme paquet de donnees (9c) contenant des donnees non chiffrees, pour determiner si au moins les 
premiers ou les deuxi^mes moyens decrypteurs de clef (714, 719) se trouvant dans le d^codeur doivent etre 
valid6s ; et 

un troisi6me paquet de donnees (9d), contenant des donnees chiffrees, pour utilisation par le decodeur. 

IS 

19. Decodeur selon la revendication 18, dans lequel le paquet de donnees composite comprend en outre un quatri^me 
paquet de donn6es (9b) contenant des donnees non chiff r6es, pour determiner I'ordre de d6cryptage du troisi^me 
paquet de donnees paries premiers et lesdeuxi^mes moyens decrypteurs de clef (714, 719) si le troisieme paquet 
de donnees a 6te deux fois chiffr6. 

20 

20. D6codeur selon I'une quelconque des revendications pr6c6dentes, qui comprend en outre : 

un circuit decodeur (1368), les premiers et les deuxiemes moyens decrypteurs de clef (1314, 1319) y etant 
incorpor6s ; 
25 un demodulateur (1366) ; 

des moyens (1 391) pour recevoir une pluralitede signaux numeriques comprimes ayant une pluralite d'adres- 
ses, chaque adresse correspondant ci un signal num^rique particulier ; 

des moyens (1392) pour s6lectionner un signal num6rique particulier par Identification de I'adresse 
particuliere ; 

30 des moyens (1 393) pour decomprimer le signal numerique selectionne ; et 

des moyens (1397) pour coupler d'une mani^re selective au circuit decodeur (1368) les moyens de decom- 
pression (1393) ou le demodulateur (1366). 

21. Decodeur selon la revendication 1, qui comprend en outre des moyens (1399), coupl6s entre les moyens de 
55 selection (1 392) et les moyens de decompression (1 393), pour d6crypter le signal numerique. 

22. Decodeur selon I'une quelconque des revendications precedentes, dans lequel le module de s6curlte rempla^able 
comprend : 

40 les deuxiemes moyens decrypteurs de clef ; 

des moyens, couples aux deuxiemes moyens decrypteurs de clef, pour generer une information de commande 
de decodeur k partir de la clef decryptee, information de commande de decodeur pouvant etre utilisee pour 
debrouiller le signal brouille ; et 

des moyens de s6curite, pour garantir que la clef decryptee gener6e par les deuxiemes moyens decrypteurs 
45 de clef ne peuvent etre utilises que par les moyens destines k gen6rer I'information de commande de d6codeur. 

23. Procede pour decoder un signal dans un decodeur comprenant des premiers et des deuxiemes moyens decryp- 
teurs de clef, les premiers ou les deuxiemes moyens decrypteurs de clef etant incorpores dans un module de 
securite rempla^ble, tandis que les autres sont incorpores dans un element de securite fixe, le procede compre- 

50 nant les etapes consistant : 

h agir seiectivement sur les premiers moyens decrypteurs de clef pour traiter une clef seiectivement chiffr6e 
sur la base d'un premier numero de serie confidentiei quand la clef seiectivement chiffree a ete chiffree par 
utilisation du premier numero de serie confidentiei ; 
55 k agir seiectivement sur les deuxiemes moyens decrypteurs de clef pour traiter la clef seiectivement chiffree 

sur la base d'un deuxieme numero de serie confidentiei quand la clef seiectivement chiffree a ete chiffree par 
utilisation du deuxieme numero de serie confidentiei ; et 

k commander le fonctionnement d'au moins les premiers ou les deuxiemes moyens decrypteurs de clef, pour 



26 



EP 0 506 435 B1 



g6n6rer une clef d6crypt6e. 

24. Proc6d6 selon la revendication 23, dans lequel I'^tape de commande commande le d6codeur, pour qu'il agisse 
selon un premier mode, un deuxi6me mode ou un troisiSme mode, I'Stape de commande comprenant une 6tape 
5 consistant : 

quand le d6codeur agit selon le premier mode, ^ agir sur las premiers moyens d6crypteurs de clef pour d6- 
crypter la clef s6lectivement chiffr6e et g6n6rer la clef d6crypt6e ; 

quand le d6ccdeur agit selon le deuxi^me mode, k agir sur les deuxi^mes moyens ddcrypteurs de clef pour 
10 d6crypter la clef s6lectivement chiffrde et g6n6rer la clef d6crypt6e ; et 

quand le d6codeur agit selon le troisi6me mode, k agir sur les premiers moyens d6crypteurs de clef pour 
decrypter la clef selectivement chiffr6e et g6n6rer une clef partiellement d6cryptee, puis k agir sur les deuxid- 
mes moyens d^crypteurs de clef pour d6crypter la clef partiellement d6crypt6e et g6n6rer la clef d6crypt6e. 

15 25. Proc6d6 selon la revendication 23 ou 24, qui comprend en outre une 6tape consistant ^ g6n6rer une information 
de commande de d6codeur sur la base de la clef d6crypt6e, I'information de commande de d6codeur pouvant etre 
utilts^e pour d^brouiller des signaux brouillds. 

26. Proc6de selon I'une quelconque des revendicalions 23 k 25, qui comprend en outre une 6tape consistant k assurer 
20 I'accfes de donn6es. au moins pour (1 ) garantir que les premiers num6ros de s6rie confidentiels ne peuvent Stre 

lus que par les premiers moyens d6crypteurs de clef, ou (2) garantir que les deuxi^mes num6ros de s6rie confi- 
dentiels ne peuvent etre lus que par les deuxi^mes moyens d^crypteurs de clef. 

27. Proc6d6 selon I'une quelconque des revendications 23^ 26, dans lequel ledit signal est un signal de t6l6vision. 

25 

28. Procede selon la revendication 27, dans lequel ledit signal est un signal de television de type B-MAC. 

29. Proc6d6 selon Tune quelconque des revendications 23 ^ 28, qui comprend en outre une 6tape consistant ^ trans- 
mettre, par I'intermediaire de moyens d'interface telephonique (875), des donnees k un foumisseur de signaux de 

30 television et k partir de ce dernier 

30. Proc6de selon la revendication 29, qui comprend en outre I'etape consistant : 

k preparer des donn6es d'entree d'abonnes dans le module de security remplagable (714), destinies a etre 
transmises par I'intermediaire des moyens d'interface t6l6phonique. 

35 

31. Procede selon I'une quelconque des revendications 23 a 30, qui comprend en outre une 6tape de commutation 
active (708), en r6ponse k un signal d6tect6. entre r6l6ment de s6curit6 fixe (719) et le module de s6curit6 rem- 
pla^able (714), de iagon k d6crypter efficacement la clef s61ectivement chiffr6e, pour produire la clef d6crypt6e. 

40 32. Procede selon I'une quelconque des revendications 23 ^ 31 , qui comprend en outre une 6tape de commutation 
active (708), en r6ponse k un signal d6tect6, entre les premiers et les deuxi^mes moyens decrypteurs de clef 
(713, 718), de fagon k d6crypter efficacement la clef s61ectivement chiffr6e et g6n6rer la clef d6crypt6e. 

33. Proc6d6 selon I'une quelconque des revendications 23 k 32, qui comprend en outre les 6tapes consistant : 

45 

k mettre k disposition des infomriations d'abonnes, comprenant ladite clef selectivement chiffree et lesdits 
premiers et deuxiemes numeros de serie confidentiels, au niveau d'une premiere source ; 
k mettre k disposition une pluralit6 de signaux de programme au niveau d'une plurality de deuxiemes sources ; 
k transmettre les informations d'abonnes aux deuxiemes sources ; 
so k combiner les informations d'abonnes aux signaux de programme pour produire des signaux combines ; et 

k transmettre les signaux combines audit d6codeur 

34. Procede selon I'une quelconque des revendications 23 k 33, qui comprend en outre une etape consistant k recevoir 
un paquet de donnees composite, le paquet de donn6es composite comprenant : 

55 

un premier paquet de donnees (9a) contenant des donnees non chiffrees, pour adressage du decodeur indi- 
viduel ou du groupe de decodeurs ; 

un deuxi6me paquet de donn6es (9c) contenant des donn6es non chiffr6es pour determiner si au moins les 
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premiers ou les deuxifemes moyens d6crypteurs de clef (714, 719) se trouvant dans I© ddcodeur doivent 6tre 
valtd^s ; et 

un troisi6me paquet de donn6es (9d), contenant des donndes chiffr6es, pour utilisation par le d6codeur 

5 35. Proc6d6 selon la revendication 34, dans lequel le paquet de donnees composite comprend en outre un quatrifeme 
paquet de donn6es (9b) contenant desdonn6es non chiffr6es, pour determiner I'ordre de d6cryptage du troisi6me 
paquet de donndes par les premiers et les deuxifemes moyens ddcrypteurs de clef (714, 71 9) si le troisi6me paquet 
de donnees a 6\6 deux fois chiffrd. 

10 36. Proc6d6 selon Tune quelconque des revendicatlons 23 h 35, dans lequel le d6codeur comprend en outre un circuit 
decodeur (1368), les premiers et les deuxiemes moyens d6crypteurs de clef y 6tant incorpores, le proc^de com- 
prenant en outre les 6tapes consistant : 

k recevoir (1 391 ) une pluralite de signaux numeriques comprimes, avec une plurality d'adresse, chaque adres- 
15 se correspondant k un signal num6rique particulier ; 

h s6lectionner (1392) un signal num6rique particulier par identification de I'adresse particuli6re ; 
^ d6comprimer (1 393) le signal num6rique s6lectionn6 ; et 

^ coupler selectivement (1 367) au circuit ddcodeur (1 368) le signal ddcomprime (1 393) ou un signal d6modul6 
(1366). 

20 

37. Proc6d6 selon la revendication 36, qui comprend en outre une 6tape consistant ^ d6crypter (1 399) le signal nu- 
merique selecttonne. 

38. Proc6d6 selon Tune quelconque des revendications 23 ^ 37, qui comprend en outre les 6tapes consistant : 

25 

k generer une information de commande de d6codeur a partir de la clef decryptee, information de commande 
de d6codeur pouvant dtre utilis6e pour d6brouiller le signal brouill6 ; et 

k faire en sorte que la clef d6crypt6e g6n6r6e par les deuxiemes moyens d6crypteurs de clef ne puisse §tre 
utilisee que pour generer I'information de commande de decodeur 

30 

39. Proc6d6 selon I'une quelconque des revendications 23 k 38, dans lequel les deuxiemes moyens d6crypteurs de 
clef sont incorpores dans le module de security rempla^able, et, initialement, I'etape de commande n'agit que sur 
les premiers moyens decrypteurs de clef, et une tete de reseau chiffre une nouvelle clef, en utilisant un autre 
premier numdro de s6rie confidentiel, puis en utilisant le deuxi6me num6rode s6rie confidentiel pour produire une 

35 nouvelle clef s61ectivement chiffr6e, et le proc6d6 comprend en outre les 6tapes consistant : 

k d6crypter la nouvelle clef s6lectivement chiff r6e dans les premiers moyens decrypteurs de clef, par utilisation 
de I'autre premier num6ro de s^rie confidentiel pour produire une clef partiellement d6cryptee ; et 
k decrypter la clef partiellement ddcryptee dans les deuxidmes moyens decrypteurs de clef, par utilisation du 
40 deuxi6me numero de s6rie confidentiel pour recuperer la nouvelle clef, chaque nouvelle clef ult6rieure etant 

chiff r6e uniquement par utilisation du deuxieme num6ro de s6rte confidentiel, puis I'etape de commande n'agis- 
sant que sur les deuxiemes moyens decrypteurs de clef quand une nouvelle clef ulterieure est chiffree uni- 
quement par utilisation du deuxieme numero de serie confidentiel. 

45 
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